General

  • Target

    arrival notice.exe

  • Size

    661KB

  • Sample

    210915-h4yhzadbbq

  • MD5

    692c22c9579ce47100a87e90f911b202

  • SHA1

    29189325967d4716883edabb4c03a5a30d836896

  • SHA256

    3f383c683795d277510e0fb4c806ae17bfb33dd6ff875b66c159068e58c28818

  • SHA512

    98c6759ef92a350f570dd74b2c53d0307d1c8cf0f4b875ba5d2bb13f11e4bd39ef329b2131f45a18f7d48fdd24c2ab3c65370d71efe9f6975d4b3a4428419887

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

n58i

C2

http://www.nordicbatterybelt.net/n58i/

Decoy

southerncircumstance.com

mcsasco.com

ifbrick.com

societe-anonyme.net

bantank.xyz

dogecoin.beauty

aboutacoffee.com

babalandlordrealestate.com

tintgta.com

integrity.directory

parwnr.icu

poltishof.online

stayandstyle.com

ickjeame.xyz

currentmotors.ca

pond.fund

petrosterzis.com

deadbydaylightpoints.com

hotel-balzac.paris

focusmaintainance.com
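The extracted config above is directly usable as network indicators: one real C2 URL and a list of decoy domains. Xloader/Formbook is expected to beacon to the decoys with the same campaign path as the real C2, so the decoy hosts are themselves evidence of infection, but they are legitimately registered sites and cannot be blocked on hostname alone. The script below, an added example that is not part of the sandbox report, turns the config into indicators and runs them over a few constructed proxy-log lines (invented for illustration, in an assumed "<timestamp> <client> <method> <url>" format), matching decoy hosts only together with the campaign path and flagging the campaign path on an unlisted host as something to look at rather than a confirmed hit:

```python
import re
from urllib.parse import urlsplit

# Values copied from the extracted Xloader 2.4 config on this page.
CONFIG = {
    "family": "xloader",
    "version": "2.4",
    "campaign": "n58i",
    "c2": "http://www.nordicbatterybelt.net/n58i/",
    "decoys": [
        "southerncircumstance.com", "mcsasco.com", "ifbrick.com",
        "societe-anonyme.net", "bantank.xyz", "dogecoin.beauty",
        "aboutacoffee.com", "babalandlordrealestate.com", "tintgta.com",
        "integrity.directory", "parwnr.icu", "poltishof.online",
        "stayandstyle.com", "ickjeame.xyz", "currentmotors.ca", "pond.fund",
        "petrosterzis.com", "deadbydaylightpoints.com", "hotel-balzac.paris",
        "focusmaintainance.com",
    ],
}


def registered_domain(host):
    """Normalise a hostname so 'www.example.com' and 'example.com' compare equal.
    Naive on purpose: no public-suffix handling, just case folding and a 'www.' strip."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_indicators(cfg):
    """Derive host and path indicators from the extracted config."""
    c2 = urlsplit(cfg["c2"])
    return {
        "c2_host": registered_domain(c2.hostname),
        "c2_path": c2.path,                              # "/n58i/"
        "campaign_path": "/" + cfg["campaign"] + "/",   # same path the decoys are hit with
        "decoy_hosts": {registered_domain(d) for d in cfg["decoys"]},
    }


# Assumed (constructed) proxy-log layout: "<ts> <client_ip> <method> <url>".
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+)$")


def classify(line, ind):
    """Return a hit record for one log line, or None if it matches nothing."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, client, method, url = m.groups()
    u = urlsplit(url)
    host, path = registered_domain(u.hostname), u.path
    if host == ind["c2_host"] and path.startswith(ind["c2_path"]):
        verdict = "C2"          # the real command-and-control server
    elif host in ind["decoy_hosts"] and path.startswith(ind["campaign_path"]):
        verdict = "DECOY"       # decoy beacon: infection evidence, host itself is benign
    elif path.startswith(ind["campaign_path"]):
        verdict = "PATH_ONLY"   # campaign path on an unlisted host: review, not a confirmed hit
    else:
        return None             # e.g. ordinary browsing to a decoy domain
    return {"ts": ts, "client": client, "method": method, "host": host, "verdict": verdict}


def scan(lines, cfg):
    """Scan log lines; return all hits and the clients with a confirmed C2 or decoy beacon."""
    ind = build_indicators(cfg)
    hits = [h for h in (classify(l, ind) for l in lines) if h]
    infected = sorted({h["client"] for h in hits if h["verdict"] in ("C2", "DECOY")})
    return hits, infected


# Constructed sample log lines for the example; not traffic from the report.
SAMPLE_LOG = [
    "2021-09-15T08:01:02Z 10.0.0.15 GET http://www.nordicbatterybelt.net/n58i/?id=abc",
    "2021-09-15T08:01:03Z 10.0.0.15 GET http://www.mcsasco.com/n58i/?id=abc",
    "2021-09-15T08:01:04Z 10.0.0.15 POST http://www.mcsasco.com/n58i/",
    "2021-09-15T08:02:00Z 10.0.0.22 GET https://mcsasco.com/about.html",
    "2021-09-15T08:03:00Z 10.0.0.31 GET http://example.org/n58i/?x=1",
    "2021-09-15T08:04:00Z 10.0.0.40 GET http://www.google.com/",
]

if __name__ == "__main__":
    hits, infected = scan(SAMPLE_LOG, CONFIG)
    for h in hits:
        print(f'{h["ts"]} {h["client"]} {h["method"]} {h["host"]} -> {h["verdict"]}')
    print("clients with confirmed beacons:", infected)
```

The fourth line, plain browsing to a decoy domain, is deliberately not a hit: without the campaign path, a decoy hostname by itself is noise. Only the real C2 host is a sensible block-list entry; the decoys belong in a detection rule paired with the path.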

Targets

    • Target

      arrival notice.exe

    • Size

      661KB

    • MD5

      692c22c9579ce47100a87e90f911b202

    • SHA1

      29189325967d4716883edabb4c03a5a30d836896

    • SHA256

      3f383c683795d277510e0fb4c806ae17bfb33dd6ff875b66c159068e58c28818

    • SHA512

      98c6759ef92a350f570dd74b2c53d0307d1c8cf0f4b875ba5d2bb13f11e4bd39ef329b2131f45a18f7d48fdd24c2ab3c65370d71efe9f6975d4b3a4428419887

    • Xloader

      Xloader is the rebranded successor of the Formbook infostealer; the network signature below still fires under the Formbook name.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks