General
-
Target
DHL Shipment Delivery_Pdf.ace
-
Size
422KB
-
Sample
210906-hh6mfsdgcn
-
MD5
21937e507e417f00ba2a6050145d901d
-
SHA1
1d124df2548b846558bdb8fe2b6b905bd1b1d50c
-
SHA256
5584bec329f0c837465e6e786730ad3248ad98e6c3e006b0b808932057aa9bc2
-
SHA512
24cc64ab7f579f495cd653d801e5796e4bdc5e57ae64505cfe1816d607de5039e143c7e9f97d3bab9c85cc50ba0739f613ad4eb30df6b3127a8aa2a9781d2182
Malware Config
Extracted
xloader
2.3
u86g
http://www.99356a.com/u86g/
agenciaplim.com
fastpage.info
tiantianbd.com
hanedanpirlanta.com
project1accessories.com
rebeccadoumet.com
vrdnfz.com
jeaninesatl.com
isaakwallihconstruction.com
aegis.cloud
tigerandsnow.com
thehappyadventurer.com
ahhazu.com
hiveplushoney.com
k-plan-ning.com
peresvet.one
darkworkcustoms.com
deathbok.com
blackinkswizz.com
077sb.com
Targets
-
-
Target
DHL Shipment Delivery_Pdf.exe
-
Size
848KB
-
MD5
91476ab6caae4d5ed99c3e5180812144
-
SHA1
6ade7a1487ba2385c96ff47230377e51ef5d4709
-
SHA256
823536a9c4dfcb7ea455b209f3702d792b2db6ad5202f063b2368b82191966b5
-
SHA512
cc60af3448e5e25f3baf06e964c0a8fdb1b41056711e69d0e9859ba6acc118b3a66aae8eb8a4e9549ec97f3e5662c7dd4ba9a86a89e9f7c4f13f5bd9377d0cec
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-