Overview

overview

10

Static

static

1

win32.exe

windows7_x64

10

win32.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    win32.exe

  • Size

    385KB

  • Sample

    220219-jr1y1aaegq

  • MD5

    8c6d84464096e6d1849c689708516a8d

  • SHA1

    8be47c3512da862eacddc5f4e1eddc55d0e8d4bb

  • SHA256

    6370ffa17cea91839f8a40555da2ef41f0e97d539e4bdc60871a7783abcdd7f6

  • SHA512

    02913ecf4ab9927c86efb3add83a9edf21de2269acc49b698296626242d5aa04cd89eb8ac267ddafac82d39a2fa099e7474cd70f13f22ab324d1c54f14fbe967

Score
10/10
xloaderahc8loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahc8

Decoy

192451.com

wwwripostes.net

sirikhalsalaw.com

bitterbaybay.com

stella-scrubs.com

almanecermezcal.com

goodgood.online

translate-now.online

sincerefilm.com

quadrantforensics.com

johnfrenchart.com

plick-click.com

alnileen.com

tghi.xyz

172711.com

maymakita.com

punnyaseva.com

ukash-online.com

sho-yururi-blog.com

hebergement-solidaire.com

Targets

    • Target

      win32.exe

    • Size

      385KB

    • MD5

      8c6d84464096e6d1849c689708516a8d

    • SHA1

      8be47c3512da862eacddc5f4e1eddc55d0e8d4bb

    • SHA256

      6370ffa17cea91839f8a40555da2ef41f0e97d539e4bdc60871a7783abcdd7f6

    • SHA512

      02913ecf4ab9927c86efb3add83a9edf21de2269acc49b698296626242d5aa04cd89eb8ac267ddafac82d39a2fa099e7474cd70f13f22ab324d1c54f14fbe967

    Score
    10/10
    xloaderahc8loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks