General

  • Target

    PaymentAdvice.exe

  • Size

    388KB

  • Sample

    210408-855sx83vjn

  • MD5

    6f7b859f349e73f24ddffa5bf11bbe27

  • SHA1

    87e76a368434c54cc4904ea4219e14c25f9ba7e6

  • SHA256

    f45a023c86d834183f3073c05227d6f40686aef4a71b3893b823be493d7aae83

  • SHA512

    8b2a3d9360c358358ae7750df53d5072aad39d27ca87d2ed14908c65acdca66070b7bb379c2950008f03b03ccc1dbd9a6d0836934c508283fcf55cde4e5c1f5b

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.saturnkorp.net/c22b/

Decoy

westendjanakpuri.com

sylvianicolades.com

xhvai.com

vitalinfusionofarizona.com

orangeecho.com

middletonyork.net

nature-powered.com

securemanchester.com

hispanicalinguablog.com

vtz6whu5254xb1.xyz

forceshutdown.com

apointlessspace.net

wildsoulsport.com

baa-bee.com

unmanglement.com

njtiy.com

misery-indexrain.com

buybox.guru

abolishlawinforcement.com

healthforherraleigh.clinic
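Turning the extracted config above into something usable for hunting. This Python is an added example for this page, not Triage output and not code from the Xloader/Formbook family. It assumes the Formbook/Xloader beaconing pattern in which the bot cycles through its decoy domains using the same URI path as the real C2 (`/c22b/` here), so the campaign path is a stronger indicator than any single decoy host, and a hit on a decoy host alone is usually ordinary traffic to an unrelated site. The proxy log lines and their format are constructed for the example.

```python
"""IOC extraction and log triage for the Xloader 2.3 config on this page.

Added example; the C2 URL and decoy list are copied from the report, the
beaconing assumption (same path on decoys as on the real C2) is Formbook
family behaviour and not stated on the page, and the log format is made up.
"""
from urllib.parse import urlsplit

# Copied from the "Malware Config" section of the report.
C2_URL = "http://www.saturnkorp.net/c22b/"
DECOYS = [
    "westendjanakpuri.com", "sylvianicolades.com", "xhvai.com",
    "vitalinfusionofarizona.com", "orangeecho.com", "middletonyork.net",
    "nature-powered.com", "securemanchester.com", "hispanicalinguablog.com",
    "vtz6whu5254xb1.xyz", "forceshutdown.com", "apointlessspace.net",
    "wildsoulsport.com", "baa-bee.com", "unmanglement.com", "njtiy.com",
    "misery-indexrain.com", "buybox.guru", "abolishlawinforcement.com",
    "healthforherraleigh.clinic",
]

# Constructed proxy log lines (assumed format: "<ts> <src> <method> <url> <status>").
LOG_LINES = [
    "2021-04-08T10:01:02Z 10.0.0.15 GET http://www.saturnkorp.net/c22b/?q=abc 200",
    "2021-04-08T10:01:05Z 10.0.0.15 POST http://www.xhvai.com/c22b/ 404",
    "2021-04-08T10:02:10Z 10.0.0.22 GET https://www.orangeecho.com/ 200",
    "2021-04-08T10:03:00Z 10.0.0.22 GET https://example.org/index.html 200",
]


def normalize_host(host):
    """Drop a leading 'www.' so config entries and logged hosts compare equal."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def build_iocs(c2_url, decoys):
    """Split the C2 URL into host and campaign path; normalise the decoy set."""
    parts = urlsplit(c2_url)
    return {
        "c2_host": normalize_host(parts.hostname or ""),
        "campaign_path": parts.path,
        "decoys": {normalize_host(d) for d in decoys},
    }


IOCS = build_iocs(C2_URL, DECOYS)


def classify(url, iocs=IOCS):
    """Verdict for one URL: 'c2', 'decoy-beacon', 'decoy-only' or None.

    'decoy-beacon' is a decoy host contacted on the campaign path, which
    only the bot does; 'decoy-only' is the decoy host on any other path,
    which is most likely unrelated traffic and should not page anyone.
    """
    parts = urlsplit(url)
    host = normalize_host(parts.hostname or "")
    on_campaign_path = parts.path == iocs["campaign_path"]
    if host == iocs["c2_host"]:
        return "c2"
    if host in iocs["decoys"]:
        return "decoy-beacon" if on_campaign_path else "decoy-only"
    return None


def triage_logs(lines, iocs=IOCS):
    """Return (line, verdict) for every log line that touches a config host."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than guess
        verdict = classify(fields[3], iocs)
        if verdict is not None:
            hits.append((line, verdict))
    return hits


if __name__ == "__main__":
    for line, verdict in triage_logs(LOG_LINES):
        print(f"{verdict:13s} {line}")
```

Block on `c2` and `decoy-beacon` verdicts; treat `decoy-only` as context to enrich an alert rather than as an indicator on its own, since the decoy hosts are ordinary domains that the malware merely hides behind.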

Targets

    • Target

      PaymentAdvice.exe

    • Size

      388KB

    • MD5

      6f7b859f349e73f24ddffa5bf11bbe27

    • SHA1

      87e76a368434c54cc4904ea4219e14c25f9ba7e6

    • SHA256

      f45a023c86d834183f3073c05227d6f40686aef4a71b3893b823be493d7aae83

    • SHA512

      8b2a3d9360c358358ae7750df53d5072aad39d27ca87d2ed14908c65acdca66070b7bb379c2950008f03b03ccc1dbd9a6d0836934c508283fcf55cde4e5c1f5b

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082): 1 match

Tasks