General

  • Target: 1c7a241966323185ddea3b121d08b14a.exe
  • Size: 1.1MB
  • Sample: 210306-n8a8d26g1x
  • MD5: 1c7a241966323185ddea3b121d08b14a
  • SHA1: 2d9a41bfbad3416321e1913e92f8ee8c8d4e8c7e
  • SHA256: 9f5ee7d9915ac3e6f684c7e22555357b5c43c6ca6cbaca8a974b667b51a3ba51
  • SHA512: f7278a13422e24881ebf4444de998ebc91fdadf068d0350e2f139e3eeaf905de961d83b2ffd8a0e560cb04f4da55faa07be3b96b2ee4b0a29b1bcd5e0fc5aeb5

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • C2: http://www.rizrvd.com/bw82/
  • Decoy:
    fundamentaliemef.com
    gallerybrows.com
    leadeligey.com
    octoberx2.online
    climaxnovels.com
    gdsjgf.com
    curateherstories.com
    blacksailus.com
    yjpps.com
    gmobilet.com
    fcoins.club
    foreverlive2027.com
    healthyfifties.com
    wmarquezy.com
    housebulb.com
    thebabyfriendly.com
    primajayaintiperkasa.com
    learnplaychess.com
    chrisbubser.digital
    xn--avenr-wsa.com

Targets

    • Target: 1c7a241966323185ddea3b121d08b14a.exe
    • Size: 1.1MB
    • MD5: 1c7a241966323185ddea3b121d08b14a
    • SHA1: 2d9a41bfbad3416321e1913e92f8ee8c8d4e8c7e
    • SHA256: 9f5ee7d9915ac3e6f684c7e22555357b5c43c6ca6cbaca8a974b667b51a3ba51
    • SHA512: f7278a13422e24881ebf4444de998ebc91fdadf068d0350e2f139e3eeaf905de961d83b2ffd8a0e560cb04f4da55faa07be3b96b2ee4b0a29b1bcd5e0fc5aeb5

    Score: 10/10

    Signatures
    • Xloader
      Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks