ledger.exe

General
Target ledger.exe
Size 746KB
Sample 210910-lc3kdschfl
Score 10/10
MD5 bb7bbc40aef8439092e6345d3428c975
SHA1 9bf46b95ff700e57bc0e38d5133577bfad260ea2
SHA256 b194903f2fb1231113b2cffdd6cf47e25d4d9f99675654f70865b1f3d0a9160c
SHA512 a1ed9eac420f49c4e101ddfb84a1b148a2c05a0999553978528cc1976f3027325b0944c721696ddc1b73b68bcc9766dcb884414efae70543ae7023f34130632f

Malware Config
Extracted
Family xloader
Version 2.3
Campaign n58i
C2 http://www.biosonicmicrocurrent.com/n58i/

Decoy

Targets
Target ledger.exe

Signatures

  • Xloader: Xloader is a rebranded version of Formbook malware.
  • suricata: ET MALWARE FormBook CnC Checkin (GET)
  • Xloader Payload
  • Deletes itself
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1
behavioral1 10/10
behavioral2 10/10