General

  • Target

    29c57ac4_by_Libranalysis

  • Size

    219KB

  • Sample

    210503-wdqqp8yxpn

  • MD5

    29c57ac4d6df86a18ef4a475db8b9ab3

  • SHA1

    2a0aee967ed1bed93488ae81e65441316f591a49

  • SHA256

    59afbfdaae8dac4d2c4b5e94d05ce217171cc0a0e14568590d70a2291cc9f0c0

  • SHA512

    973d340db858112a10509dc2382f2e269c6d115050f1350984c125412668d0b28bf482e1ff5dc0d2867c4d9fc7ef8c217344503c636fdf46fdddf7d113eee46c

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.wwwnptpool.com/cea0/

Decoy


Targets

    • Target

      qt-64647euro.exe

    • Size

      376KB

    • MD5

      c7869904df7369ecb0e07caa879bb981

    • SHA1

      f35f9af1d4cb23da445e03a9763663790aeec6f1

    • SHA256

      078e4b00d3b4cf59fcdb2ec643fa91edb000419950a3e5ac973b0ed0c648d87a

    • SHA512

      0453ceb6e22b5a0449af4a17a0ea41bb107328a436810339061f9b3a74b5b30cb427c61671199248683db145fed7fe8ded88e836191b27f6ae3db07e1bbe3122

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Blocklisted process makes network request

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks