General

  • Target: New Purchase Order.exe
  • Size: 691KB
  • Sample: 210507-vvtq6nzrk6
  • MD5: dd0f163ff1885ed5ead5e16be56f2cab
  • SHA1: 6d1b890762439f0373bbb42eda00f01a72fe09c1
  • SHA256: de6e847b93ec297fb3e0cf0122b1c36e22f76529455b487d35539dad407bb7ce
  • SHA512: 8681c64bc0ac2edc097a50533b1430851ae8c7b831032a7c11e5580caf0312041e56e369de84b6234041e148dbc7b8d2a7ebd9cef7b0b7df6e8c62ba7521131b

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • C2: http://www.1a595vkdjhtktj.xyz/e8bw/
  • Decoy domains:

    muteglad.com
    bluemalibuboutique.com
    maggiesurbanfarm.com
    desire.vegas
    i4khmer.com
    kamatreats.com
    ildentistadeibambinipg.com
    bernaertsmusic.business
    westtechoilfieldservices.com
    cummvv.com
    hankrank.com
    jackrabbithighway.com
    thecheesecakewhisperer.com
    thedesignlynx.com
    foreverwisconsin.com
    drfksa.com
    goemon-blog.com
    tosh4tukwila.com
    bunies3.com
    maltvi.com

Targets

    • Target: New Purchase Order.exe
    • Size: 691KB
    • MD5: dd0f163ff1885ed5ead5e16be56f2cab
    • SHA1: 6d1b890762439f0373bbb42eda00f01a72fe09c1
    • SHA256: de6e847b93ec297fb3e0cf0122b1c36e22f76529455b487d35539dad407bb7ce
    • SHA512: 8681c64bc0ac2edc097a50533b1430851ae8c7b831032a7c11e5580caf0312041e56e369de84b6234041e148dbc7b8d2a7ebd9cef7b0b7df6e8c62ba7521131b

    Score: 10/10

    Signatures

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext
