General
-
Target
HAWB AND INV.exe
-
Size
724KB
-
Sample
210503-dv64v87372
-
MD5
42662765a94ce5ece11529509f937711
-
SHA1
da57dd4c137c47fc9b906caaf067c6ed13fa2da6
-
SHA256
2138325dd5e2825ee4086187a944af336476b0327e1ddae7563bb24523836e08
-
SHA512
101d7bb5f778e779133f005c801fa26cf1bc147fed9f2774808526c50b3ae8e12863bc7ee3dfb060153d4b0b3a5ef66f357e44d477e1558060fe54df990b4b95
Malware Config
Extracted
xloader
2.3
http://www.alldaazz.com/maw9/
jaimericart.com
mayavantcard.com
romanzava.site
forefrontunderground.com
grafikirmarketing.com
airpoppoff.com
captureq.com
vph.ventures
historiclocation.com
theoxfordway.com
springersells.com
huther.mobi
networkingmaderas.com
reggatech.com
dollfacela.com
moneycrypt.net
calidad-precio.net
hamnsk165.com
victoriabrownrealtor.com
itechfreak.com
Targets
-
-
Target
HAWB AND INV.exe
-
Size
724KB
-
MD5
42662765a94ce5ece11529509f937711
-
SHA1
da57dd4c137c47fc9b906caaf067c6ed13fa2da6
-
SHA256
2138325dd5e2825ee4086187a944af336476b0327e1ddae7563bb24523836e08
-
SHA512
101d7bb5f778e779133f005c801fa26cf1bc147fed9f2774808526c50b3ae8e12863bc7ee3dfb060153d4b0b3a5ef66f357e44d477e1558060fe54df990b4b95
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Looks for VirtualBox Guest Additions in registry
-
Xloader Payload
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-