General

  • Target: sample2.zip
  • Size: 557KB
  • Sample: 210507-21d12nfg3e
  • MD5: 161cbd3f3248ee8eadcd9930ecc8859e
  • SHA1: 1b9f4bbc3ea7343be2a8c313de1220ebea756b70
  • SHA256: 9ed84f9f973b347f43b51d079a97623f4cc9f6d5a7b793e1593f26207101af3c
  • SHA512: 77fc79ca930e5d36a315f4ae845620c828a31bed6f4210a7d58d2fcaf56d1cc62969c0ac194446a21c42a22ce59270f10fc5076abdd133c12a65de76647cdd98

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • C2: http://www.zlzntiayc.icu/a6ru/

Decoy


Targets

    • Target: winlog.exe
    • Size: 696KB
    • MD5: 5d2f26ac6b48725279d98aa87eff8506
    • SHA1: 7ab3874eb9d316a503133367b12d3628e6dbe264
    • SHA256: 06bed76c389db454d5b86a64bf7127a21c013b48d79b3b83511263c424f5cf65
    • SHA512: e81c607ee870bde0e5a84714f1634e19f6959d1f46a4d5ffea2baeba241712ca4f2e2bdf4f6c8794db7b35216ded5d52743b7faac75d3382dd58f88e24294e41

    Score: 10/10

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Command-Line Interface, T1059 (1)
  • Discovery: System Information Discovery, T1082 (1)

Tasks