General

  • Target

    6eef942a79d429f3b78cbc803ecb9ea9.exe

  • Size

    891KB

  • Sample

    210420-pfhx7skkde

  • MD5

    6eef942a79d429f3b78cbc803ecb9ea9

  • SHA1

    550109e8e745944617412936482670bd7d093c85

  • SHA256

    cdaacff5e2118313479b5e8975d191e71731c2bb1646a4ee5bbf0adf22d86450

  • SHA512

    34d924a1a54bc4b9cfacb4be3c1d4f00d346868b28e767c92ffa1c9a5b2558bf6d36803ce5c7e4fe8f01517f1c7b07637dee3e96df85e7fcee6958f9446bfb08

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.autotrafficbot.com/evpn/

Decoy

memoriesmade-l.com

babypowah.com

usinggroovefunnels.com

qapjv.com

kp031.com

kinfet.com

markmalls.com

keithforemandesigns.com

fydia.com

jesussaysalllivesmatter.com

sarachavesportela.com

standerup.com

monthlywifi.com

productsoffholland.com

newbieadvice.com

globalnetworkautomation.com

theholisticbirthco.com

physicalrobot.com

thesouthernhomesellers.com

teamcounteract.com

Targets

    • Target

      6eef942a79d429f3b78cbc803ecb9ea9.exe

    • Size

      891KB

    • MD5

      6eef942a79d429f3b78cbc803ecb9ea9

    • SHA1

      550109e8e745944617412936482670bd7d093c85

    • SHA256

      cdaacff5e2118313479b5e8975d191e71731c2bb1646a4ee5bbf0adf22d86450

    • SHA512

      34d924a1a54bc4b9cfacb4be3c1d4f00d346868b28e767c92ffa1c9a5b2558bf6d36803ce5c7e4fe8f01517f1c7b07637dee3e96df85e7fcee6958f9446bfb08

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks