General

  • Target

    a7acd97fcff334160640901d977010aa55397f5a6da375ab38bcb1622b800f7d

  • Size

    252KB

  • Sample

    210924-qd9gjshah7

  • MD5

    0b042901cc8cebe4ad918f889d8928e0

  • SHA1

    7f03f52d593e4fea5e13525d7e213cc950f3d84a

  • SHA256

    a7acd97fcff334160640901d977010aa55397f5a6da375ab38bcb1622b800f7d

  • SHA512

    87cc3b720ba5b0901963fdeee60254992931a4ea3cd36b2dcd1aeb886563e9e7c39619b5c17716557b2b6a652052c717d9314b724b5dc0b48f3e36ade0aa52f9

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

noha

C2

http://www.mglracing.com/noha/

Decoy

iphone13promax.support

trailer-racks.xyz

overseaspoolservice.com

r2d2u.com

dawajeju.com

nextgenproxyvote.com

xn--vhqp8mm8dbtz.group

commonsenserisk.com

cmcqgxtyd.com

data2form.com

bois-applique.com

originallollipop.com

lj0008lj.net

spfldvaccineday.info

phalcosnusa.com

llcmastermachine.com

onlyforu14.rest

bestmarketingautomations.com

officialswitchmusic.com

thepretenseofjustice.com
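The extracted configuration above is the most directly actionable part of the report: an XLoader/Formbook config carries one real C2 (here www.mglracing.com with the campaign path /noha/) plus a list of decoy domains that the implant also beacons to, so every host in the list is a network IOC, but only the C2 should be attributed as attacker infrastructure. The following Python is an added example, not part of the report or of any sandbox tooling: it loads the config and hashes exactly as printed on this page, walks a constructed proxy-log format ("timestamp client method url", assumed for illustration) and labels each hit as c2 or decoy, matching subdomains of a listed host as well and normalising case, trailing dots, IDN labels and a leading "www.". The hash helper only reports which of the page's digests a candidate file reproduces; the sample bytes themselves are not on this page, so the demo input is deliberately a non-match.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Extracted XLoader 2.5 configuration, copied from this report.
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "noha",
    "c2": "http://www.mglracing.com/noha/",
    "decoys": [
        "iphone13promax.support", "trailer-racks.xyz", "overseaspoolservice.com",
        "r2d2u.com", "dawajeju.com", "nextgenproxyvote.com", "xn--vhqp8mm8dbtz.group",
        "commonsenserisk.com", "cmcqgxtyd.com", "data2form.com", "bois-applique.com",
        "originallollipop.com", "lj0008lj.net", "spfldvaccineday.info", "phalcosnusa.com",
        "llcmastermachine.com", "onlyforu14.rest", "bestmarketingautomations.com",
        "officialswitchmusic.com", "thepretenseofjustice.com",
    ],
}

# Digests of the analysed sample, copied from this report.
SAMPLE_HASHES = {
    "md5": "0b042901cc8cebe4ad918f889d8928e0",
    "sha1": "7f03f52d593e4fea5e13525d7e213cc950f3d84a",
    "sha256": "a7acd97fcff334160640901d977010aa55397f5a6da375ab38bcb1622b800f7d",
    "sha512": "87cc3b720ba5b0901963fdeee60254992931a4ea3cd36b2dcd1aeb886563e9e7c39619b5c17716557b2b6a652052c717d9314b724b5dc0b48f3e36ade0aa52f9",
}


def normalize_host(host):
    """Canonical form for matching: trailing dot, case, Unicode labels and a leading www. removed."""
    host = host.strip().rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")  # Unicode label -> its xn-- form; ASCII passes through
    except UnicodeError:
        pass
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def build_domain_index(config):
    """Map each configured host to its role; the real C2 keeps its role if it is also listed as a decoy."""
    index = {normalize_host(urlsplit(config["c2"]).hostname): "c2"}
    for decoy in config["decoys"]:
        index.setdefault(normalize_host(decoy), "decoy")
    return index


def classify_host(host, index):
    """Return (role, matched indicator) for the host or any parent domain of it, else None."""
    label = normalize_host(host)
    while label:
        if label in index:
            return index[label], label
        label = label.partition(".")[2]  # climb one label: cdn.example.com -> example.com
    return None


# Constructed proxy-log format (an assumption for this example): "<timestamp> <client> <method> <url>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def scan_proxy_log(lines, config):
    """Return one hit per request to a configured host, labelled c2 or decoy."""
    index = build_domain_index(config)
    campaign_path = urlsplit(config["c2"]).path  # "/noha/" for this sample
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the sweep
        url = urlsplit(m["url"])
        if not url.hostname:
            continue
        match = classify_host(url.hostname, index)
        if match is None:
            continue
        role, indicator = match
        hits.append({
            "ts": m["ts"], "src": m["src"], "host": normalize_host(url.hostname),
            "indicator": indicator, "kind": role, "path": url.path,
            "campaign_path": url.path.startswith(campaign_path),
        })
    return hits


def hash_matches(data, known=SAMPLE_HASHES):
    """Which of the report's digests a candidate file reproduces (all True means it is this sample)."""
    return {name: hashlib.new(name, data).hexdigest() == digest.lower()
            for name, digest in known.items()}


SAMPLE_LOG = [  # constructed lines, not real traffic
    "2021-09-24T10:41:02Z 10.0.0.15 GET http://www.mglracing.com/noha/?v=1",
    "2021-09-24T10:41:05Z 10.0.0.15 GET http://trailer-racks.xyz/noha/",
    "2021-09-24T10:41:07Z 10.0.0.15 GET http://cdn.xn--vhqp8mm8dbtz.group/noha/",
    "2021-09-24T10:41:09Z 10.0.0.22 GET https://www.example.com/index.html",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG, XLOADER_CONFIG):
        print(f'{hit["ts"]} {hit["src"]} -> {hit["host"]} [{hit["kind"]}: {hit["indicator"]}] path={hit["path"]}')
    print(hash_matches(b"constructed bytes, not the sample"))
```

Treat a "decoy" hit as the same infection signal as a "c2" hit when triaging a host: the implant contacts the decoys itself, so the client that made the request is still compromised. The distinction matters for attribution and blocking, not for scoping the incident.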

Targets

    • Target

      a7acd97fcff334160640901d977010aa55397f5a6da375ab38bcb1622b800f7d

    • Size

      252KB

    • MD5

      0b042901cc8cebe4ad918f889d8928e0

    • SHA1

      7f03f52d593e4fea5e13525d7e213cc950f3d84a

    • SHA256

      a7acd97fcff334160640901d977010aa55397f5a6da375ab38bcb1622b800f7d

    • SHA512

      87cc3b720ba5b0901963fdeee60254992931a4ea3cd36b2dcd1aeb886563e9e7c39619b5c17716557b2b6a652052c717d9314b724b5dc0b48f3e36ade0aa52f9

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

System Information Discovery (T1082): 1

Tasks