General
-
Target
01efad1d_by_Libranalysis
-
Size
10KB
-
Sample
210503-1sgnkm3thj
-
MD5
01efad1d21685954881771187b7c89a3
-
SHA1
27a25eb720a4463bc31ce42d344cb42e634c3ef8
-
SHA256
43b70d6f8bd360f7ad9bcb4f9f0bd70adbab27a733d27ec320168e1a127d8481
-
SHA512
80e44521033828bcd8943870d751139ae76b38e2d02f3dce8ac56df322c2ebc70d92fb8036850be373e8f0e23c4649a3b774523a3431cf59888a42e2c5e1e955
Malware Config
Extracted
http://will.kasraz.com/a/d.dot
Extracted
xloader
2.3
http://www.cats16.com/8u3b/
pipienta.com
wisdomfest.net
jenniferreich.com
bigcanoehomesforless.com
kayandbernard.com
offerbuildingsecrets.com
benleefoto.com
contactlesssoftware.tech
statenislandplumbing.info
lifestylemedicineservices.com
blazerplanning.com
fnatic-skins.club
effectivemarketinginc.com
babyshopit.com
2000deal.com
k12paymentcemter.com
spwakd.com
lesreponses.com
abundando.com
hawkspremierfhc.com
Targets
-
-
Target
01efad1d_by_Libranalysis
-
Size
10KB
-
MD5
01efad1d21685954881771187b7c89a3
-
SHA1
27a25eb720a4463bc31ce42d344cb42e634c3ef8
-
SHA256
43b70d6f8bd360f7ad9bcb4f9f0bd70adbab27a733d27ec320168e1a127d8481
-
SHA512
80e44521033828bcd8943870d751139ae76b38e2d02f3dce8ac56df322c2ebc70d92fb8036850be373e8f0e23c4649a3b774523a3431cf59888a42e2c5e1e955
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-