Overview

overview

10

Static

static

1

CTM REQUEST.exe

windows7_x64

10

CTM REQUEST.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CTM REQUEST.exe

  • Size

    265KB

  • Sample

    220131-b1tmaadceq

  • MD5

    64477dc3ce0b183b116147707d6f6928

  • SHA1

    a2859ec6076ff22a0a45a20c056be9d380cb5c54

  • SHA256

    01222693e4698149f19d31ac66567a9815f89509bac13d690de8a5afda2bee08

  • SHA512

    9de95fb485a2dd4554a88cf78faeb5e01bd9073632322804403ab61cde027739750c28a3a036228cbb2f8a432017a0dfd09a3e4cf5dc5da2f7273437be402699

Score
10/10
xloader3a4hloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

3a4h

Decoy

mohamedmansour.net

asap.green

influxair.com

45mpt.xyz

cablerailingdesign.com

salesdisrupter.com

cxfarms.com

enerconfederal.com

pl1x.top

nyoz.top

fitnesz.website

minimi36.com

borealiselectricalrepair.com

miskalqurashi.com

importacionesdelfuturo.com

cigfinanacial.com

luxamata.xyz

digicoin724.com

gozabank.com

tribal-treasures.com

Targets

    • Target

      CTM REQUEST.exe

    • Size

      265KB

    • MD5

      64477dc3ce0b183b116147707d6f6928

    • SHA1

      a2859ec6076ff22a0a45a20c056be9d380cb5c54

    • SHA256

      01222693e4698149f19d31ac66567a9815f89509bac13d690de8a5afda2bee08

    • SHA512

      9de95fb485a2dd4554a88cf78faeb5e01bd9073632322804403ab61cde027739750c28a3a036228cbb2f8a432017a0dfd09a3e4cf5dc5da2f7273437be402699

    Score
    10/10
    xloader3a4hloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks