General
-
Target
Po2142021.xlsx
-
Size
587KB
-
Sample
210914-lvvx9saear
-
MD5
76ea81747e2e9370b97e4d47ddfbabdd
-
SHA1
169fcccd26f30b2bdc6374efe085d5a45812f194
-
SHA256
100738b518fd653a4244f947f6793b69896cb4ef75876588c758e1d521c535c1
-
SHA512
5b8eb3eb4c6af0cf3035e7a8af940c0b1239058a4448f937d7494eb8107b6b069f4e14692aa25de21a5b2478b9d9ce0e5771c8d3bc2389a1edce428002caf9d5
Malware Config
Extracted
xloader
2.3
b6a4
http://www.helpmovingandstorage.com/b6a4/
gr2future.com
asteroid.finance
skoba-plast.com
rnerfrfw5z3ki.net
thesmartroadtoretirement.com
avisdrummondhomes.com
banban365.net
profesyonelkampcadiri.net
royalloanhs.com
yulujy.com
xn--naqejahan-n3b.com
msalee.net
dollyvee.com
albertagamehawkersclub.com
cbspecialists.com
findingforeverrealty.com
mrtireshop.com
wadamasanari.com
growtechinfo.com
qipai039.com
Targets
-
-
Target
Po2142021.xlsx
-
Size
587KB
-
MD5
76ea81747e2e9370b97e4d47ddfbabdd
-
SHA1
169fcccd26f30b2bdc6374efe085d5a45812f194
-
SHA256
100738b518fd653a4244f947f6793b69896cb4ef75876588c758e1d521c535c1
-
SHA512
5b8eb3eb4c6af0cf3035e7a8af940c0b1239058a4448f937d7494eb8107b6b069f4e14692aa25de21a5b2478b9d9ce0e5771c8d3bc2389a1edce428002caf9d5
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-