General

  • Target

    Tvpsqjokvrkkjtpqmbrrbdjuamqgumvxld.exe

  • Size

    855KB

  • Sample

    210727-jwcgdlchwx

  • MD5

    bc1f7a65580d90a503efc484dd48c55e

  • SHA1

    af65acb93acce3bfa6c660261724c46e02b5b3a1

  • SHA256

    74c184d9e5658494b42b413566966b5c54d668aa3dd7631df6d7252c0bcdad03

  • SHA512

    53d03eed09f5e65f48005f95751b5778e19a26cd3347f792857bdb9ffd30162b06d712b3c0451dcce1e47c97f2eabca9cecc10e2998d0999266769ff508d87b8

Malware Config

  • Extracted

    Family
      xloader

    Version
      2.3

    C2
      http://www.naturalresourcesmgt.com/bsk9/

    Decoy
      ignitedennys.com
      theawslearn.net
      tuningyan.wiki
      professionalboom.com
      btt3d.online
      ceyaqua.com
      knightslunarius.com
      zc168sl.com
      girlsnightclasses.com
      tcsalud.com
      homecottagestudio.com
      92gwb.com
      stainlesslion.com
      arunkapur.com
      chalkwithkristi.com
      yourmidastouch.com
      wijayashaw.com
      roofingcompanyinchattanooga.com
      sdbadatong.com
      tombison.com

Targets

    • Target

      Tvpsqjokvrkkjtpqmbrrbdjuamqgumvxld.exe

    • Size

      855KB

    • MD5

      bc1f7a65580d90a503efc484dd48c55e

    • SHA1

      af65acb93acce3bfa6c660261724c46e02b5b3a1

    • SHA256

      74c184d9e5658494b42b413566966b5c54d668aa3dd7631df6d7252c0bcdad03

    • SHA512

      53d03eed09f5e65f48005f95751b5778e19a26cd3347f792857bdb9ffd30162b06d712b3c0451dcce1e47c97f2eabca9cecc10e2998d0999266769ff508d87b8

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Suspicious use of SetThreadContext
