General

  • Target

    WaybillDoc_7349796565.pdf.exe

  • Size

    386KB

  • Sample

    210503-n7k14chcaj

  • MD5

    4065ba5a51d8e109af60298b49a2b6bf

  • SHA1

    46f7537eacf69958713d9726baa78f4e1061ad96

  • SHA256

    a493b139543bd582271914a75e9105f38a73217871bf859651fa9e67cc94954b

  • SHA512

    84fe83e97a070ca3dc5437b55671180c07f27355dcbfedd351a3f1e6a63434cf92aedd1003d6369aefc7396e09f7c732bef9fe7525661c6ff6328b849c3e4ffa

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.richgranddad.com/sbqi/

Decoy

wishesandmessages.com

core4rewards.com

goldenmilkmg.com

mayursethi.com

amrustore.com

retaboo.com

cabinwell.com

puneripunekar.com

premiernmhomes.com

europaeducationgroup.cat

passiveprofitsuccess.com

austincitylegacy.net

authenticshoppeco.com

netyeba.net

taichiforwellbeingonline.com

desichefs.com

ariaronakparseh.com

workelop.com

theestellawear.com

cunerier.com

Targets

    • Target

      WaybillDoc_7349796565.pdf.exe

    • Size

      386KB

    • MD5

      4065ba5a51d8e109af60298b49a2b6bf

    • SHA1

      46f7537eacf69958713d9726baa78f4e1061ad96

    • SHA256

      a493b139543bd582271914a75e9105f38a73217871bf859651fa9e67cc94954b

    • SHA512

      84fe83e97a070ca3dc5437b55671180c07f27355dcbfedd351a3f1e6a63434cf92aedd1003d6369aefc7396e09f7c732bef9fe7525661c6ff6328b849c3e4ffa

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks