General

  • Target

    6676755EU.ace

  • Size

    225KB

  • Sample

    210505-gkcxp9nwss

  • MD5

    316a71e98446efb5a2a88043b452502e

  • SHA1

    5362672f0de90517c657bbbd7982e539d10aa20d

  • SHA256

    d965248873f10bf4dc73f66b1cdd63e2baae1f58023ba6c5fcbec2180da361f1

  • SHA512

    5cc200448d23ba12d18c1dde8b0ac4f105921a3e3d8af826b11b2a8bb67b333050addab2a7ab25aabe2aeeb289434b5928fa05b9f42ef1929325d1bf7b61b3a5

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • C2

    http://www.wwwnptpool.com/cea0/

  • Decoy

    answerwith.com
    bingji5.com
    choicesrecoverytrainings.com
    goodyearpromotions.com
    projectguruji.com
    outofsandbox.com
    chicagosingersforhire.com
    goprosquad.com
    askmohsin.com
    avangardinmobiliaria.com
    ultimabritannia.com
    alimentafricain.com
    recruit-marilyn.com
    massu-blog.com
    commandsilicon.icu
    clearchannel.sucks
    greenatlasng.com
    spatialdesignoxford.com
    nurzia.net
    technocratbusiness.com

Targets

    • Target

      6676755EU.exe

    • Size

      392KB

    • MD5

      21aded2e81b866f45ecfc74f98313388

    • SHA1

      afe79c64082ebdab80852f16e94ec852039c66d5

    • SHA256

      658b1b36afe7b456ed4ee5935072485e535a524dfbb863e14ee9fe4fbd5884cb

    • SHA512

      833d047e96e10e717c34f482448cf7ce775604d1797aede87b822967477e1c107c190c5b7e1f20d70759469db75137028f18345ed0628a4cb12a1a655027fca6

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks