General
-
Target
5544835851386880.zip
-
Size
4.4MB
-
Sample
210812-vz4twltp5a
-
MD5
99aa342771928acf2d245a78e95d7ffe
-
SHA1
14cd538764217cb2f09603ec2196ad971fbdbe8d
-
SHA256
ac00f76b8b9b7a4da749a85063b49c446b4b50e9837907c737a4675bcee43c3d
-
SHA512
8e42c097b0cb7ccab4ec647d28ffd894f7e20bd7bec5ba6482dc8d243f4b9a493840034947d12a92e1ceca8224a255f481de25e5a79bcdb1587feb36dcb49f21
Malware Config
Extracted
xloader
2.3
avc9
http://www.buyershealthy.com/avc9/
thejamalpur.com
oneofthemthere.com
instaleadsolutionsllc.com
dorchestercountyhomehunter.com
digirmbbank.com
taeheavyequipmentparts.xyz
topless.cloud
heatherhuntercoaching.com
pennysworld.net
auirz.xyz
conserfic.com
haroopet.com
perazabenefits.com
tuftmultimodal.com
quanlailai.com
revealsonwheels.com
rafaellaepedro.com
cowbex.info
cobject-studio.com
odp.xyz
Targets
-
-
Target
13d97308ca4e87d31024b1fcbfca7f7fdac365a4bf2264ca18499847d411bb69
-
Size
4.4MB
-
MD5
57c89dd8d8ff1fd5192ce1c48c3acbd6
-
SHA1
c3a94aedc5fce3afdafe25ac648f3579e71cfaf3
-
SHA256
13d97308ca4e87d31024b1fcbfca7f7fdac365a4bf2264ca18499847d411bb69
-
SHA512
bdb1017d539ebdaf39b921ce580d064bd5d148d53def3c0b6879b469e798b212b70e334026c33bf5418afd40a507becb0898df2848b17ec3c961bf2e8bc32479
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-