General

  • Target

    SecuriteInfo.com.Gen.Variant.Androm.29.7073.26917

  • Size

    256KB

  • Sample

    210508-nrxlwlessx

  • MD5

    169763f8e7731554cf5588290a6bc91e

  • SHA1

    d7ae18ba8e1c5043a152bc29aef950c4b3841c3a

  • SHA256

    0c5a22c770faa9a49feb2d8c881d51138f4892dad188e3391d345d0865e8953b

  • SHA512

    2744e153948acfc48cf968674d43d964784588e6a3088f699b505f58afe2d86feaf9a4ba6365b2979353d1a2561a76c4fe07316ec67838a5b2b85855308ffb3c

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.onyxcomputing.com/u8nw/

Decoy (domains the implant contacts alongside the real C2 so that the live server is hidden among them)

constructionjadams.com

organicwellnessfarm.com

beautiful.tours

medvows.com

foxparanormal.com

fsmxmc.com

graniterealestategroup.net

qgi1.com

astrologicsolutions.com

rafbar.com

bastiontools.net

emotist.com

stacyleets.com

bloodtypealpha.com

healtybenenfitsplus.com

vavadadoa3.com

chefbenhk.com

dotgz.com

xn--z4qm188e645c.com

ethyi.com
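The config above gives one live C2 URL and twenty decoy domains. Because an XLoader/Formbook implant really does generate traffic to the decoys, a hit on any of them from an internal host is still an infection indicator; only the C2 URL (host plus the `/u8nw/` path) identifies the beacon itself. The script below is an added example, not part of the sandbox report: it carries the report's IOCs as data, classifies hostnames seen in DNS or proxy logs, scans a few constructed proxy-log lines (the log format, timestamps and client addresses are assumptions), and checks a candidate file against the four listed digests.

```python
"""Match logs and files against the XLoader config extracted in this report.

Added example, not part of the sandbox report. The IOCs are copied from the
report; the log format and log lines are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# IOCs copied from the report.
C2_URL = "http://www.onyxcomputing.com/u8nw/"
DECOY_DOMAINS = frozenset({
    "constructionjadams.com", "organicwellnessfarm.com", "beautiful.tours",
    "medvows.com", "foxparanormal.com", "fsmxmc.com",
    "graniterealestategroup.net", "qgi1.com", "astrologicsolutions.com",
    "rafbar.com", "bastiontools.net", "emotist.com", "stacyleets.com",
    "bloodtypealpha.com", "healtybenenfitsplus.com", "vavadadoa3.com",
    "chefbenhk.com", "dotgz.com", "xn--z4qm188e645c.com", "ethyi.com",
})
SAMPLE_HASHES = {
    "md5": "169763f8e7731554cf5588290a6bc91e",
    "sha1": "d7ae18ba8e1c5043a152bc29aef950c4b3841c3a",
    "sha256": "0c5a22c770faa9a49feb2d8c881d51138f4892dad188e3391d345d0865e8953b",
    "sha512": "2744e153948acfc48cf968674d43d964784588e6a3088f699b505f58afe2d86fe"
              "af9a4ba6365b2979353d1a2561a76c4fe07316ec67838a5b2b85855308ffb3c",
}

_c2 = urlsplit(C2_URL)
C2_HOST = _c2.hostname      # "www.onyxcomputing.com"
C2_PATH = _c2.path          # "/u8nw/"
# Drop the "www." label so a bare-domain lookup is caught as well.
C2_DOMAIN = C2_HOST[4:] if C2_HOST.startswith("www.") else C2_HOST


def _under(host, domain):
    """True if host is domain itself or any subdomain of it (no substring matches)."""
    return host == domain or host.endswith("." + domain)


def classify_host(host):
    """Return 'c2', 'decoy' or None for a hostname seen in DNS or proxy logs."""
    host = host.lower().rstrip(".")
    if _under(host, C2_DOMAIN):
        return "c2"
    if any(_under(host, d) for d in DECOY_DOMAINS):
        return "decoy"
    return None


# Constructed proxy-log format (assumption): "<timestamp> <client> <method> <url>".
_LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST)\s+(\S+)$")


def scan_proxy_log(lines):
    """Return (client, verdict, url) for every line touching a host in the config.

    verdict is 'c2_beacon' when host and path both match the extracted C2 URL,
    'c2_host' for other traffic to the C2 domain, and 'decoy' for a decoy domain.
    """
    hits = []
    for line in lines:
        m = _LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line, skip rather than guess
        _ts, client, _method, url = m.groups()
        parts = urlsplit(url)
        kind = classify_host(parts.hostname or "")
        if kind is None:
            continue
        if kind == "c2":
            kind = "c2_beacon" if parts.path.startswith(C2_PATH) else "c2_host"
        hits.append((client, kind, url))
    return hits


def verify_sample(data):
    """Compare a candidate file's digests with the four listed in the report."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


if __name__ == "__main__":
    # Constructed log lines; timestamps, clients and query strings are made up.
    sample_log = [
        "2021-05-08T12:00:01Z 10.0.0.5 GET http://www.onyxcomputing.com/u8nw/?xy=abc",
        "2021-05-08T12:00:02Z 10.0.0.5 POST http://www.medvows.com/u8nw/",
        "2021-05-08T12:00:03Z 10.0.0.7 GET https://www.example.org/",
        "2021-05-08T12:00:04Z 10.0.0.9 GET http://onyxcomputing.com/favicon.ico",
    ]
    for hit in scan_proxy_log(sample_log):
        print(hit)
```

The suffix match in `_under` is deliberate: `notmedvows.com` must not fire on `medvows.com`, while `cdn.medvows.com` should. The IDN decoy is kept in punycode (`xn--z4qm188e645c.com`) because that is the form DNS and proxy logs record.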

Targets

    • Target

      SecuriteInfo.com.Gen.Variant.Androm.29.7073.26917

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

System Information Discovery (T1082): 1

Tasks