Payment Copy.exe

General

Target: Payment Copy.exe
Size: 258KB
Sample: 210924-n642esghb8
Score: 10/10
MD5: 0d6e0449a278b6971826e0da856aed38
SHA1: f95ea74f5d687eaedc24a2abadb77229e4918698
SHA256: 2dc7525f9ee6e09a25f840b457bf5b0ba228c4697e1f3d4b81bd2964d2eafc61
SHA512: 512a7984a5c9eccb6abad93a77a58497e32192a2197bb01e82ff7e17f0c5afcc796ecb4802c14d105e9ebec2479d22be39f0a4c2832e18ffabb991c211b6a9f7

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: b2c0
C2: http://www.thesewhitevvalls.com/b2c0/

Decoy


Targets

Target: Payment Copy.exe

Signatures

  • Xloader: Xloader is a rebranded version of Formbook malware.
  • Xloader Payload
  • Loads dropped DLL
  • Suspicious use of SetThreadContext

Tasks

static1: 1/10
behavioral1: 7/10
behavioral2: 10/10