General
-
Target
NEW ORDER RE PO88224.PDF.iso
-
Size
526KB
-
Sample
210924-j4earsgcgm
-
MD5
01b2a64fff1fe10a32ec06541181f48f
-
SHA1
815b96a425f107a2a064424cedbce5e4023df989
-
SHA256
8eac1ee2c601de814b716a91238a115f7294ed39fa0c0bf69eeb318ac9792284
-
SHA512
78c608ec720e8dc694625e605bc76e91a0d20482f9a687018de901efbd4fc0640291a89899e031b282df07565e78ef2f33c560cc61595fb85678d8f64307830a
Malware Config
Extracted
xloader
2.5
ny9y
http://www.caddomain.com/ny9y/
prelovedboutiqe.com
zhantool.com
grypeguidgorge.com
aa6588.com
privateerspacecompany.space
phil-goodman.com
jckabogados.com
familybeautifull.com
probinns.com
angelika-fritz.online
mygeeb.com
481344.com
freesoft.pro
extracter.store
fasxpay.com
hnjxcd.com
wfot2002.com
worldexecutor.com
tongxintachangjia.com
zachtippit.com
Targets
-
-
Target
NEW ORDER RE PO88224.PDF.exe
-
Size
465KB
-
MD5
a88e3833ee5ccb2434ee90aa645a8894
-
SHA1
b6e78de80bbdc7748dfcbea47bc43593b587b075
-
SHA256
4dfab25d3ccff9a33396c252590c27c57f23f9a94b11ebd9834b23981b0908e6
-
SHA512
becf2614d5196c2b43f74c94f76cc0e9e21ffc75edd8a3ec8057a01ed9e8cfce755590228174692e4935861406627f7048fcf0294007b62148c5ece9f065af77
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Suspicious use of SetThreadContext
-