General

  • Target

    SHIPPING DOCUMENTS.GZ

  • Size

    389KB

  • Sample

    210916-pcep4sdce6

  • MD5

    8deb4d12e37d0d8ad124072f0a30a88b

  • SHA1

    843fc66125fae97f7c84447510ed28c11cea6dbf

  • SHA256

    20f5ed77316a7c565abd1b4c486ec3991fd36ef1ee95e2442bd3ad5107107f35

  • SHA512

    daddb69cb8c9feb62ae67bee35717543cc0a4f6ce1914b982645cb745fca322445b496921331031482fa4a899d6048d7d3d9e2200b2e7596ccf6d953712517be

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.4

  • Campaign

    n58i

  • C2

    http://www.nordicbatterybelt.net/n58i/

  • Decoy

    southerncircumstance.com
    mcsasco.com
    ifbrick.com
    societe-anonyme.net
    bantank.xyz
    dogecoin.beauty
    aboutacoffee.com
    babalandlordrealestate.com
    tintgta.com
    integrity.directory
    parwnr.icu
    poltishof.online
    stayandstyle.com
    ickjeame.xyz
    currentmotors.ca
    pond.fund
    petrosterzis.com
    deadbydaylightpoints.com
    hotel-balzac.paris
    focusmaintainance.com
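Turning the extracted config into something huntable. XLoader, like Formbook before it, beacons not only to the real C2 but to every decoy domain in its list, and every one of those requests carries the same campaign path (here /n58i/), so the path is the indicator that survives a change of domain list between samples while the domain set catches the traffic of this build. The script below is an added example, not part of the sandbox report or any vendor tooling: it parses the Malware Config section in the flat layout shown above, builds the host set and campaign path from it, and classifies constructed proxy-log lines (the log format and the log entries are assumptions made for the example, not observed traffic).

```python
from urllib.parse import urlparse

# Malware Config section of the report above, with the blank lines between
# entries dropped; the parser below tolerates either layout.
CONFIG_TEXT = """\
Family
xloader
Version
2.4
Campaign
n58i
C2
http://www.nordicbatterybelt.net/n58i/
Decoy
southerncircumstance.com
mcsasco.com
ifbrick.com
societe-anonyme.net
bantank.xyz
dogecoin.beauty
aboutacoffee.com
babalandlordrealestate.com
tintgta.com
integrity.directory
parwnr.icu
poltishof.online
stayandstyle.com
ickjeame.xyz
currentmotors.ca
pond.fund
petrosterzis.com
deadbydaylightpoints.com
hotel-balzac.paris
focusmaintainance.com
"""
FIELDS = ("Family", "Version", "Campaign", "C2", "Decoy")

def parse_config(text):
    """Parse the flat 'header / value' layout; every field but Decoy is scalar."""
    cfg, current = {f: [] for f in FIELDS}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line in FIELDS:
            current = line
        elif current:
            cfg[current].append(line)
    return {f: (v if f == "Decoy" else (v[0] if v else None)) for f, v in cfg.items()}

def _norm(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so variants match."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def build_iocs(cfg):
    """Hosts to hunt (C2 plus decoys: the bot beacons to all of them) and the
    campaign path that every beacon URL carries, whichever host it goes to."""
    hosts = {_norm(urlparse(cfg["C2"]).hostname)} | {_norm(d) for d in cfg["Decoy"]}
    return hosts, "/" + cfg["Campaign"] + "/"

def classify(url, hosts, campaign_path):
    """'c2-beacon' if host and path both match, 'host'/'path' if one does, else None."""
    u = urlparse(url)
    host_hit = u.hostname is not None and _norm(u.hostname) in hosts
    path_hit = u.path.startswith(campaign_path)
    if host_hit and path_hit:
        return "c2-beacon"
    return "host" if host_hit else "path" if path_hit else None

# Constructed proxy-log lines (timestamp client method url status), not from the
# report; the first two mimic the GET/POST beacon shape, the last is benign.
SAMPLE_LOG = """\
2021-09-16T10:01:02Z 10.0.0.21 GET http://www.nordicbatterybelt.net/n58i/?jb=abc 404
2021-09-16T10:01:05Z 10.0.0.21 POST http://mcsasco.com/n58i/ 200
2021-09-16T10:01:09Z 10.0.0.21 GET http://integrity.directory/about 200
2021-09-16T10:01:11Z 10.0.0.21 GET http://example.org/n58i/?jb=xyz 200
2021-09-16T10:02:00Z 10.0.0.22 GET http://example.org/ 200
"""

def scan_log(log_text, cfg):
    """Return (client, url, verdict) for every log line that matches an IOC."""
    hosts, campaign_path = build_iocs(cfg)
    hits = []
    for parts in (line.split() for line in log_text.splitlines()):
        if len(parts) >= 4:
            verdict = classify(parts[3], hosts, campaign_path)
            if verdict:
                hits.append((parts[1], parts[3], verdict))
    return hits

if __name__ == "__main__":
    for client, url, verdict in scan_log(SAMPLE_LOG, parse_config(CONFIG_TEXT)):
        print(f"{verdict:9s} {client} {url}")
```

A "host"-only hit on a decoy deserves a look but is weak on its own, since decoys are real, often legitimate sites; a "path"-only hit on an unlisted domain is worth more, because it suggests a related build of the same campaign whose domain list differs from this extraction.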

Targets

    • Target

      SHIPPING DOCUMENTS.exe

    • Size

      457KB

    • MD5

      50d046de51441ed6d03da1662cecc772

    • SHA1

      b1be2f4383e4fece502efcdf1494c056ce5f7b10

    • SHA256

      5a3b0b3dfa0c258ad5d6e510d14b3b7ab8b16b49b9024669a4102d55de4e74ae

    • SHA512

      b018d6941e6209a36a6ce07a84a90f96c59bbf4de4bfea126f215160bd10404c1ab88e00939306795c8b99a8a32101cc8cd2e9566a537580b7493e777df9f8cc

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
