General
-
Target
PO No. JTL-009-2021-07.exe
-
Size
842KB
-
Sample
210710-gzbbtka8we
-
MD5
9526eb2eaa158f15a23b8cb9056d2d7e
-
SHA1
fd64972f650ac8f97c021c448fae5136fdc713ac
-
SHA256
79043f2f23a008c67568fd1720f10911cfba7ba8008bd214599c6db49aa39791
-
SHA512
c29686b8ffc2ebc53491274e5ffe0ba820d48c55974340e418dc588fa13dfd19fe875ca4cd1452d0577dce13ccccfb12aa80a532f2ec3bafe740b6439ba8974e
Malware Config
Extracted
xloader
2.3
http://www.healthypsn.com/h2eb/
morganhomesnc.com
dwlogitech.com
bismillahbodyoil.com
lilybodacious.com
hangongqiu.com
helpthefam.com
bagladynmore.com
getfreecodes.xyz
robertbrookstowing.com
grohesmartprogram.com
silverpointbc.com
thebeauticrewpodcast.com
realzit.com
gift-shoping.space
m7ymonero.com
poolingadministration.com
77mile.com
blueberriesinmybackpack.com
trau-dich-endlich.com
academyemails.com
Targets
-
-
Target
PO No. JTL-009-2021-07.exe
-
Size
842KB
-
MD5
9526eb2eaa158f15a23b8cb9056d2d7e
-
SHA1
fd64972f650ac8f97c021c448fae5136fdc713ac
-
SHA256
79043f2f23a008c67568fd1720f10911cfba7ba8008bd214599c6db49aa39791
-
SHA512
c29686b8ffc2ebc53491274e5ffe0ba820d48c55974340e418dc588fa13dfd19fe875ca4cd1452d0577dce13ccccfb12aa80a532f2ec3bafe740b6439ba8974e
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-