General

  • Target

    PURCHASE CONTRACT #GJPL1202 2021-22PDF.exe

  • Size

    923KB

  • Sample

    210624-9ryhhm27ds

  • MD5

    8eb4085101f4cc1f78bde6323c2cf954

  • SHA1

    2162c6fa8a2c278b2a6aeea2491ea62eea56e5c4

  • SHA256

    00139ffbc60ffd8c46045238f984371a7cd5dd8a9c0f39af10eb0512bb82a40a

  • SHA512

    56b1a44c974d1635e0daf84b7038ab8e6672b0dc74eb41609c2467a09e2f22b59bb34be7ba0c92623685d845228874c5378d157c299bdc7081aef60bf7919e03

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.xgegqs.com/gscc/

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
