General

  • Target

    scan files 15-9-21.exe

  • Size

    556KB

  • Sample

    210915-h8y1asdbdl

  • MD5

    00e32d8a2cbd54e967bfc8f512086ecf

  • SHA1

    f51b70a2117089a87b0daf6f179a3b492acf58f2

  • SHA256

    36d409b61a0f456cb3e593338ebf2db1fae38ea645392d98030bc7e7a0eb9a3c

  • SHA512

    2996b453b9096b7cbd8eadbe602a80bbf1ba9f721079b657e672fcade97ff8b098aabc81ebb1beb97acaece0ab97e9d0cb33fb90af17bcb66d00ba0787763c48

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

mej0

C2

http://www.lifewithbriana.com/mej0/

Decoy

mtxs8.com

quickskiplondon.com

sltplanner.com

generatedate.com

amsinspections.com

tomrings.com

109friends.com

freelovereading.com

avalapartners.com

nordiqueluxury.com

inmbex.com

everybankatm.com

bo1899.com

ashymeadow.com

pubgm-chickendinner.com

takudolunch.com

carlagremiao.com

actonetheatre.com

wemhealth.com

khasomat.net

Targets

    • Target

      scan files 15-9-21.exe

    • Size

      556KB

    • MD5

      00e32d8a2cbd54e967bfc8f512086ecf

    • SHA1

      f51b70a2117089a87b0daf6f179a3b492acf58f2

    • SHA256

      36d409b61a0f456cb3e593338ebf2db1fae38ea645392d98030bc7e7a0eb9a3c

    • SHA512

      2996b453b9096b7cbd8eadbe602a80bbf1ba9f721079b657e672fcade97ff8b098aabc81ebb1beb97acaece0ab97e9d0cb33fb90af17bcb66d00ba0787763c48

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks