General

  • Target

    revised quotation.exe

  • Size

    521KB

  • Sample

    210902-g39crche5a

  • MD5

    d3344f685e1963f478711ee2d2d86c48

  • SHA1

    6203016b209ecb8d1d4cfc4ffa0a885a33ffa3a8

  • SHA256

    cc92eda0a8290172b29b51ff05fa235ffd0389fce74d0a40d0e5cc1e4af11497

  • SHA512

    73f901c6c89e63beaf9638442200aa87b5ba2a988080c262392252a8b3d882451e9e16057fdd0478e391861f951d621ac71d6e7119d5aecc8d2e47a7cb69e5df

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    n58i

  • C2

    http://www.mack3sleeve.com/n58i/

  • Decoy

    nl-cafe.com
    votetedjaleta.com
    britrobertsrealtor.com
    globipark.com
    citysucces.com
    verisignwebsite-verified.com
    riddlepc.com
    rosecityclimbing.com
    oleandrinextract.com
    salmankonstruksi.com
    needhamchannel.com
    refreshx2z.com
    youth66.com
    pla-russia.com
    halloweenmaskpro.com
    exdysis.com
    1gcz.com
    lookgoodman.com
    rlxagva.com
    stlcityc.com

Targets

    • Target

      revised quotation.exe

    • Size

      521KB

    • MD5

      d3344f685e1963f478711ee2d2d86c48

    • SHA1

      6203016b209ecb8d1d4cfc4ffa0a885a33ffa3a8

    • SHA256

      cc92eda0a8290172b29b51ff05fa235ffd0389fce74d0a40d0e5cc1e4af11497

    • SHA512

      73f901c6c89e63beaf9638442200aa87b5ba2a988080c262392252a8b3d882451e9e16057fdd0478e391861f951d621ac71d6e7119d5aecc8d2e47a7cb69e5df

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks