Overview

overview

10

Static

static

1

triage_dro...le.exe

windows7_x64

10

triage_dro...le.exe

windows10-2004_x64

10

Resubmissions

28-02-2022 15:20

220228-sq37eaeee2 10

28-02-2022 15:15

220228-smwyxsfhdq 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    triage_dropped_file

  • Size

    339KB

  • Sample

    220228-smwyxsfhdq

  • MD5

    e2b38d12aac4c0d8cc5ff6588158ed62

  • SHA1

    03ad689d9baee2a32943ae87f601fa624d2dc503

  • SHA256

    ab928039cd56672d5b9a02322f1d91793cc6fcd3b42217c00cc682a0a42d1620

  • SHA512

    ab105692c72406006e93a5b21fc612362e01477266af6bb4014cfb0f90d393b458a58c5139d2f59ca81f5ec5348077a2b1a2077f5fed486d87efdb872a9bdcae

Score
10/10
xloaderp2a5loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

Targets

    • Target

      triage_dropped_file

    • Size

      339KB

    • MD5

      e2b38d12aac4c0d8cc5ff6588158ed62

    • SHA1

      03ad689d9baee2a32943ae87f601fa624d2dc503

    • SHA256

      ab928039cd56672d5b9a02322f1d91793cc6fcd3b42217c00cc682a0a42d1620

    • SHA512

      ab105692c72406006e93a5b21fc612362e01477266af6bb4014cfb0f90d393b458a58c5139d2f59ca81f5ec5348077a2b1a2077f5fed486d87efdb872a9bdcae

    Score
    10/10
    xloaderp2a5loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata

    • Xloader Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks