General

  • Target

    74ed218c_by_Libranalysis

  • Size

    775KB

  • Sample

    210503-bgwhjav8hx

  • MD5

    74ed218c2c421e3978445a1edbe40a08

  • SHA1

    16d950eae07654c9805d4476928c4c8d7d12fcc1

  • SHA256

    b32ad3bf2b79e411ca0450c1d5430d12c9bb73c269e0838ee512bc816fcce3b7

  • SHA512

    0cb4af6ad1434d4140d0e055fc77de2543c9ea9babe077de27184b1628cbdc8f32530c5f0c2f4b3e1199459c0521e67415421525070c0870e75dc09105bf94d6

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.cats16.com/8u3b/

Decoy

pipienta.com

wisdomfest.net

jenniferreich.com

bigcanoehomesforless.com

kayandbernard.com

offerbuildingsecrets.com

benleefoto.com

contactlesssoftware.tech

statenislandplumbing.info

lifestylemedicineservices.com

blazerplanning.com

fnatic-skins.club

effectivemarketinginc.com

babyshopit.com

2000deal.com

k12paymentcemter.com

spwakd.com

lesreponses.com

abundando.com

hawkspremierfhc.com

Targets

    • Target

      74ed218c_by_Libranalysis

    • Size

      775KB

    • MD5

      74ed218c2c421e3978445a1edbe40a08

    • SHA1

      16d950eae07654c9805d4476928c4c8d7d12fcc1

    • SHA256

      b32ad3bf2b79e411ca0450c1d5430d12c9bb73c269e0838ee512bc816fcce3b7

    • SHA512

      0cb4af6ad1434d4140d0e055fc77de2543c9ea9babe077de27184b1628cbdc8f32530c5f0c2f4b3e1199459c0521e67415421525070c0870e75dc09105bf94d6

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks