klSsrzxwsbxeJQh.exe

General

Target: klSsrzxwsbxeJQh.exe
Size: 818KB
Sample: 210727-4c1hgwxjpe
Score: 10/10
MD5: 3be1fa609b4f6efa9d30b5c75810f863
SHA1: 61dcd8a4bd4641a7cc4800b5aea9ecaf7c6609bf
SHA256: 27572043b01a99f3901af4bd40faf03cd04e722e3fb7ba866ccdb3b2d3fabb11
SHA512: b5d36a463c8eca050b3db941449d79b91c870990685b20bc192f09037231a17c2939c74b2312820a09aa54e553e61a6ab0320ea7b5f9ee60a92331ccf79b7911

Malware Config

Extracted

Family: xloader
Version: 2.3
C2: http://www.arogyanlife.com/b82a/
Decoy

Targets

Target: klSsrzxwsbxeJQh.exe
Signatures

  • Xloader: Xloader is a rebranded version of Formbook malware.
  • suricata: ET MALWARE FormBook CnC Checkin (GET)
  • CustAttr .NET packer: Detects CustAttr .NET packer in memory.
  • Xloader Payload
  • Deletes itself
  • Suspicious use of SetThreadContext

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10