General

  • Target

    50% payment.exe

  • Size

    1MB

  • Sample

    210421-gggj89226e

  • MD5

    91d6babf1d4ec9c3ff032c9f44291161

  • SHA1

    a9009a6c66d5b1f945d7e4ef88ed01dbf86f8d5d

  • SHA256

    5aa4e2536c1e6a2b7ff9509081c03906f982a95df7e44bcf162429ac8f969f14

  • SHA512

    6eda488e5c15e63db870163f652809ee1fce1169054cd296988e4d7bc6096091009bc7383efdb541fdfed2526ef18470896fe13971e84d7966a9ec30a1f72ae4

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.precigentriplegene.net/ey9c/

Decoy


Targets

    • Target

      50% payment.exe

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Tasks