General

  • Target

    Lancopdf.iso

  • Size

    306KB

  • Sample

    210504-4kfre12qy6

  • MD5

    1ad4f36b3b11dbbde0e6d905898726dc

  • SHA1

    e3d0d30cd7396bc2d0242b719880b3859e9e6d9a

  • SHA256

    7647af23ff3154b3cab47d0ad05f1c9ee4779f8bd862ef6a4e19d4b70185c5c3

  • SHA512

    e0e083a929b78cfb0a40f996ef54cea107de0519e908302a60189d9c96d490c81b4441acffab6dfe3bc3eca3626664e05fc038c419a18e65e1c66e559920ea64

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.buymobilia.com/ugtw/

Decoy

keystohumanconnection.com

kba5imberly.xyz

wanshuila.com

haus2690dsgnbuild.com

sf-exprrss.com

volesvip.com

pointmansoutpost.com

rytfs.com

hosoume.com

momentsbymich.com

foxterrier-vonderfinsterley.com

uviibe.com

chiaraborrello.com

ild.academy

chinchinyap.com

cn-emmy.com

ixhaberler.com

styles28.space

schutz-service.com

ycgcwsp.com

Targets

    • Target

      Lanco,pdf.exe

    • Size

      245KB

    • MD5

      d539972067e967998d09d0a2f1b31b52

    • SHA1

      20fce9b0e4e0f86143dfba1259b0293a32d74cbb

    • SHA256

      b36a2901bfafd8723bfddd0388f65b0a46237b063ca33edbf773bb589f929981

    • SHA512

      ffa91ce8a780bf1a8fb9f2dba0d5fc74744c82a600d6890acafeff6610828e6d8da751b34cb2ea46558c9a2387c66415c82c254c6131467546fbbae19b3bcd65

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks