General

  • Target

    .wininit.exe

  • Size

    904KB

  • Sample

    210721-r3jvwpkwla

  • MD5

    6c15b3de8c54e5e3339a446af50fc48a

  • SHA1

    1133619a11f7410cf2ee2ca0e42324898e524154

  • SHA256

    306197e367d32ebeb65e18cd9607f58268f6e4751de77ae1cf8f5270e660c1f6

  • SHA512

    6bd0a44da885f085bafa277169c79fcb4411c928b850e16cea3b3119ad81b23a3497c211150ba8cb386a649ef7ed9f89ab026e570844dab2b83762b4dce36a6a

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.tjbc-bearing.com/u6bi/

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
