General

  • Target: QUOTE B1020363.PDF.exe
  • Size: 598KB
  • Sample: 210421-27f6xd8trs
  • MD5: ecc182f3b2feaedcd32a97c51f01f652
  • SHA1: 2c5b57854e772c72f3410d3ee3a29e19b654af1d
  • SHA256: cc58e505c504c770a1031d30453615f7748b0618b872655ac79a059a072c194c
  • SHA512: a593ae7b7d81499589722f5b420d645a25b030c264b9ef490016cb7b9e6845cf674b0d25371670c8fef86b54b7716e3f34b70e44b7b084535d8963580e88050d

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • C2: http://www.huamxvcyq.icu/aepn/
  • Decoy domains (used by the sample as cover traffic alongside the real C2):
      noesos.com
      partsus.xyz
      manageordercentersupp.com
      wickedwallart.com
      hike4cash.com
      theviragocircle.com
      followthesharks.com
      paradisevalleywines.com
      unmetrolimpio.com
      eurocarsnj.com
      alvaroeliseo.com
      bfc8.xyz
      oldcourts.com
      bkpef.info
      mammately.com
      agentcharles.com
      wwwmichiganbulb.com
      pensolid.info
      hibiscushealthcare.com
      mwanakbk.com

Targets

    • Target: QUOTE B1020363.PDF.exe
    • Size: 598KB
    • MD5 / SHA1 / SHA256 / SHA512: identical to the values listed under General above
    • Score: 10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks