General

  • Target

    367006.exe

  • Size

    1.0MB

  • Sample

    210727-96cl3hfqex

  • MD5

    54cd3832c1ab9889d0b3741292a0263b

  • SHA1

    c855ad13ab4cd135d1e04c10524a4f06a2007654

  • SHA256

    e3a371bfc3dd3560f5bd27f023c137e5b2c7bdba80c5b7f14a69f393cbce047e

  • SHA512

    85223e48449c77d8a36a820bb9df9c546ad0c13f9b35c8c542104dd62de557f611bf23e187245b50995481a7e175a96978dea4c0c6fc3b8461f1f07c4111c9a8

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.ameri.loans/dt9v/

Decoy

scandinavianview.com

120x600businessskyscraper.fail

livebigrace.com

fussygang.net

afiyetmarket.com

shopcerygensan.com

iregentos.info

anidonia.com

vtnywvebm.club

envcons.com

blackpharaohbeards.com

shortsnsuits.com

digitalvv.com

czechagents.com

texasadvancedsurgery.com

erhob.com

fastypro.com

singlemomsurvival.com

mohitiitr.com

airsoftoutlet.store

Targets

    • Target

      367006.exe

    • Size

      1.0MB

    • MD5

      54cd3832c1ab9889d0b3741292a0263b

    • SHA1

      c855ad13ab4cd135d1e04c10524a4f06a2007654

    • SHA256

      e3a371bfc3dd3560f5bd27f023c137e5b2c7bdba80c5b7f14a69f393cbce047e

    • SHA512

      85223e48449c77d8a36a820bb9df9c546ad0c13f9b35c8c542104dd62de557f611bf23e187245b50995481a7e175a96978dea4c0c6fc3b8461f1f07c4111c9a8

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer and keeps Formbook's check-in protocol, which is why the Suricata alert below still carries the FormBook name. The extracted configuration lists the one real C2 URL alongside a set of decoy domains that the sample also contacts to make the real C2 harder to pick out of traffic; the decoys are not malicious infrastructure and should be treated as context for hunting rather than as a blocklist.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Suspicious use of SetThreadContext
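The following script, added here and not part of the sandbox report, turns the extracted configuration and file hashes above into something an analyst can act on: it verifies a local file against the four listed digests, separates the real C2 from the decoy domains, and emits a Suricata 5 HTTP rule for the check-in to the C2 host and path. The rule body (message text, `sid`, classtype) and the "block" versus "monitor" labelling are the author's assumptions; the hashes, C2 URL and decoy list are copied verbatim from the report.

```python
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report above (sample 210727-96cl3hfqex).
SAMPLE_NAME = "367006.exe"
EXPECTED_HASHES = {
    "md5": "54cd3832c1ab9889d0b3741292a0263b",
    "sha1": "c855ad13ab4cd135d1e04c10524a4f06a2007654",
    "sha256": "e3a371bfc3dd3560f5bd27f023c137e5b2c7bdba80c5b7f14a69f393cbce047e",
    "sha512": "85223e48449c77d8a36a820bb9df9c546ad0c13f9b35c8c542104dd62de557f"
              "611bf23e187245b50995481a7e175a96978dea4c0c6fc3b8461f1f07c4111c9a8",
}
C2_URL = "http://www.ameri.loans/dt9v/"
DECOY_DOMAINS = [
    "scandinavianview.com", "120x600businessskyscraper.fail", "livebigrace.com",
    "fussygang.net", "afiyetmarket.com", "shopcerygensan.com", "iregentos.info",
    "anidonia.com", "vtnywvebm.club", "envcons.com", "blackpharaohbeards.com",
    "shortsnsuits.com", "digitalvv.com", "czechagents.com",
    "texasadvancedsurgery.com", "erhob.com", "fastypro.com",
    "singlemomsurvival.com", "mohitiitr.com", "airsoftoutlet.store",
]


def verify_sample(data: bytes) -> dict:
    """Hash the given bytes with every listed algorithm and report which digests match.

    All four must be True for the file to be the sample in this report; a partial
    match would indicate a transcription error in one of the listed digests.
    """
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in EXPECTED_HASHES.items()
    }


def c2_parts(url: str) -> tuple:
    """Split the C2 URL into (host, path) for use in network detections."""
    parsed = urlparse(url)
    return parsed.hostname, parsed.path


def iocs() -> list:
    """Return indicators with a recommended handling.

    The real C2 host is blockable; decoys are legitimate third-party domains the
    sample also touches, so they are labelled 'monitor' (hunt for the combination,
    do not block). Labels are this script's assumption, not the report's.
    """
    host, _ = c2_parts(C2_URL)
    rows = [{"indicator": host, "type": "domain", "action": "block"}]
    rows += [{"indicator": d, "type": "domain", "action": "monitor"} for d in DECOY_DOMAINS]
    return rows


def suricata_rule(url: str, sid: int) -> str:
    """Build a Suricata 5+ rule for an HTTP GET to the C2 host and URI path.

    Uses sticky buffers (http.method / http.host / http.uri). Message text,
    sid and classtype are assumptions chosen for this example.
    """
    host, path = c2_parts(url)
    return (
        'alert http $HOME_NET any -> $EXTERNAL_NET any ('
        f'msg:"Xloader 2.3 C2 check-in to {host}"; '
        'flow:established,to_server; '
        'http.method; content:"GET"; '
        f'http.host; content:"{host}"; nocase; '
        f'http.uri; content:"{path}"; startswith; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    # Constructed placeholder bytes: not the real sample, so every digest mismatches.
    print(verify_sample(b"constructed placeholder, not 367006.exe"))
    for row in iocs():
        print(f'{row["action"]:8} {row["indicator"]}')
    print(suricata_rule(C2_URL, sid=9000001))
```

To check a file on disk, pass `open(path, "rb").read()` to `verify_sample` and require all four values to be True. The decoy domains are worth correlating in proxy logs because a single host resolving most of this list in a short window is a stronger signal than any one domain on its own.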
