General

  • Target

    PROFOMA INVOICE.exe

  • Size

    866KB

  • Sample

    210924-q2accshbck

  • MD5

    24736913b455be2ed3d1cc67c767afc4

  • SHA1

    8026db0f265178cf013ac579c1b7267f4014bf2c

  • SHA256

    a109f0b9407728fef1b41d766e8228085ee04661156d84ef543777bf311f450b

  • SHA512

    49dd3e5ecbf6d4cd310a45d0b52e36a363d701f0a9cc14a1d3c103b613eb5a756fdc9ce8b028d69b56c4c8137d29ea3d57865b4ff75dac44bf982e5c80ee56ee

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c2ue

C2

http://www.heidevelop.xyz/c2ue/

Decoy

isportdata.com

stellarex.energy

hsucollections.com

menuhaisan.com

joe-tzu.com

lumichargemktg.com

uae.tires

rapidcae.com

softwaresystemsolutions.com

s-galaxy.website

daewon-talks.net

northgamesnetwork.com

catalogue-bouyguestele.com

criativanet.com

theseasonalshift.com

actionfoto.online

openmaildoe.com

trashpenguin.com

ennopure.net

azurermine.com

Targets

    • Target

      PROFOMA INVOICE.exe

    • Size

      866KB

    • MD5

      24736913b455be2ed3d1cc67c767afc4

    • SHA1

      8026db0f265178cf013ac579c1b7267f4014bf2c

    • SHA256

      a109f0b9407728fef1b41d766e8228085ee04661156d84ef543777bf311f450b

    • SHA512

      49dd3e5ecbf6d4cd310a45d0b52e36a363d701f0a9cc14a1d3c103b613eb5a756fdc9ce8b028d69b56c4c8137d29ea3d57865b4ff75dac44bf982e5c80ee56ee

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation