4a.zip

General

Target: 4a.zip
Size: 679KB
Sample: 210504-mrspf6v9mn
Score: 10/10
MD5: f7b73947f96e3c34620f829256aca4d9
SHA1: fec6158936bda16f2a3cdb56d7dcbca2f291836c
SHA256: 5d5d3759e3350abef81021ccf0af5932de24d1e04b93342906f6f86d023ed871
SHA512: 8e3a616fc53be2ab0d6b57242220f2d6011cc7887c2b9846addbcb1234cd6b2aebe3d9047e1cbfad1d0b97e5f86f9659f8d189314a1859a8acf16636ebb4d2b6

Malware Config

Extracted

Family: xloader
Version: 2.3
C2: http://www.pedroiniesta.net/n7ad/

Decoy

Targets

Target: fea7b692b71803eb020f04ec1a5f8118f5845910d9677fdb4636d9a7d209d0fa.bin
MD5: 64af41000584694858d0fcc37b1bf69b
Filesize: 728KB
Score: 10/10
SHA1: 707c77c61fafdd736c1e02bfdbc8ce7ce24cc759
SHA256: fea7b692b71803eb020f04ec1a5f8118f5845910d9677fdb4636d9a7d209d0fa
SHA512: dff4927081ff280eb4e707660c596adfbf8ada0f02cdbf8dd2414cb368b8036708558e854b892eda7dc0049c11df6ff1044cb0ec7c9ae9a32851ba3790fd7177

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10