General

  • Target

    so.exe

  • Size

    650KB

  • Sample

    210505-vbf8y5pbfj

  • MD5

    5551346aa9f251895021b95a2a7cc390

  • SHA1

    acbcecf7599d3c33f6f2a36c0947cfc633d0a406

  • SHA256

    9e189d8d48a66d2f53c972275642da7cbc8ad51b20f04cf1d592bef360db50cf

  • SHA512

    35e43a0f2ef1dd2dfaf921d8af3a4f3ef0f4675479d496141358561c84a3b8c8b1a5bd9497fe6c26757d3e6637edab538ac587d73bc6d47e9b90b751abf55ba3

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.cats16.com/8u3b/

Decoy

pipienta.com

wisdomfest.net

jenniferreich.com

bigcanoehomesforless.com

kayandbernard.com

offerbuildingsecrets.com

benleefoto.com

contactlesssoftware.tech

statenislandplumbing.info

lifestylemedicineservices.com

blazerplanning.com

fnatic-skins.club

effectivemarketinginc.com

babyshopit.com

2000deal.com

k12paymentcemter.com

spwakd.com

lesreponses.com

abundando.com

hawkspremierfhc.com

Targets

    • Target

      so.exe

    • Size

      650KB

    • MD5

      5551346aa9f251895021b95a2a7cc390

    • SHA1

      acbcecf7599d3c33f6f2a36c0947cfc633d0a406

    • SHA256

      9e189d8d48a66d2f53c972275642da7cbc8ad51b20f04cf1d592bef360db50cf

    • SHA512

      35e43a0f2ef1dd2dfaf921d8af3a4f3ef0f4675479d496141358561c84a3b8c8b1a5bd9497fe6c26757d3e6637edab538ac587d73bc6d47e9b90b751abf55ba3

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks