Unpaid invoice.exe

General
Target

Unpaid invoice.exe

Size

548KB

Sample

210915-hm4cwsaac2

Score
10/10
MD5

3ade5b9b508051cc39c1c610f4af5a12

SHA1

662056878a2b1fb1e99d1f74bb0e8694904fdccd

SHA256

207dff33f6f91f114deae60a6cb3a404a5f40bc607fb6015f680c8980af7ac16

SHA512

a99f9f23663bc09fca19a96968a15014679e8bbe2bb4a6f64897a34b86faf72848af138b4dbdcda1ef19d4e2488e81dc447c50af5e05f2c67cf7521b070c3d0f

Malware Config

Extracted

Family xloader
Version 2.3
Campaign b6cu
C2

http://www.allfyllofficial.com/b6cu/

Decoy


Signatures

  • Xloader

    Description: Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1: 10/10

behavioral2: 10/10