Resubmissions

  • 27-09-2021 02:22, sample 210927-ct33tafeam, score 10/10

  • 24-09-2021 08:23, sample 210924-kah8asgda9, score 10/10

General

  • Target

    45e4621118dc78b668c79ca4c7918f4fc09b3d419069d9341c10e03f2e4d3363.zip

  • Size

    520KB

  • Sample

    210927-ct33tafeam

  • MD5

    05f291fbaec424e70e0ee098e7dc9038

  • SHA1

    d3bcc743a5c194f3bb506f6d331a10b29c88bd4d

  • SHA256

    8b5e45762b7ac4c0d1df861b21bae63c13f9f580668910c94f310079306acd7b

  • SHA512

    d463f1b43d11899ed62b56d70404e61a0533d4a1cc08b6cad5151d67de18147bb4438d51c6c7118e8f0962e44b896f379552294ac32d8c71884ace12bd08dd9b

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

tr7h

C2

http://www.globalinterchangellc.com/tr7h/

Decoy

Domains the sample contacts alongside the real C2 to obscure which one is live. XLoader/FormBook decoy lists can include legitimate, unrelated sites, so treat them as low-confidence indicators compared with the C2 URL above.

hnhstudios.com

du-lang.com

lonestartradeoilllc.com

criptool.online

rebus-automotive.com

boxedwallconsepts.net

helixarray.com

jinqiaodianfen.com

goldenwaxi.com

comprarloterianacional.com

digebitdigital.com

cryptoupp.com

332151.com

bousui.club

redakassoumeh.com

giantinosglobalreachstore.com

resultsnft.com

papicolar.com

juvesti.com

tax-kaikei.com
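The extracted configuration above (family, campaign ID, C2 URL and decoy list) is what a responder turns into indicators. The following is an added example, not code from the sandbox or from the report: it copies the values shown on this page into a config dictionary, derives the campaign directory from the C2 URL, and classifies constructed proxy-log lines so that requests to the C2 under the campaign path rank above bare hits on decoy domains. The log line format (timestamp, source IP, method, URL) is an assumption made for the example.

```python
"""Added example: XLoader config -> IOCs -> classification of proxy log lines.

Config values are copied from the report above; the log lines are constructed
for the example and the log format is assumed.
"""
import re
from urllib.parse import urlparse

CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "tr7h",
    "c2": "http://www.globalinterchangellc.com/tr7h/",
    "decoys": [
        "hnhstudios.com", "du-lang.com", "lonestartradeoilllc.com",
        "criptool.online", "rebus-automotive.com", "boxedwallconsepts.net",
        "helixarray.com", "jinqiaodianfen.com", "goldenwaxi.com",
        "comprarloterianacional.com", "digebitdigital.com", "cryptoupp.com",
        "332151.com", "bousui.club", "redakassoumeh.com",
        "giantinosglobalreachstore.com", "resultsnft.com", "papicolar.com",
        "juvesti.com", "tax-kaikei.com",
    ],
}


def normalize_host(host):
    """Lower-case, strip a trailing dot and a leading 'www.' so hosts compare cleanly."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def campaign_from_c2(c2_url):
    """XLoader/FormBook put the campaign ID in the first path segment of the C2 URL."""
    path = urlparse(c2_url).path.strip("/")
    return path.split("/")[0] if path else None


def build_iocs(cfg):
    """Split the config into a high-confidence C2 indicator and low-confidence decoys."""
    c2 = urlparse(cfg["c2"])
    campaign = campaign_from_c2(cfg["c2"]) or cfg["campaign"]
    return {
        "c2_host": normalize_host(c2.hostname),
        "c2_path": "/" + campaign + "/",
        "decoy_hosts": {normalize_host(d) for d in cfg["decoys"]},
    }


# Assumed log format: "<timestamp> <src_ip> <METHOD> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def classify(line, iocs):
    """Return 'c2', 'c2-host', 'decoy', 'clean', or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    u = urlparse(m["url"])
    host = normalize_host(u.hostname)
    if host == iocs["c2_host"]:
        # Only traffic under the campaign directory is the actual check-in.
        return "c2" if u.path.startswith(iocs["c2_path"]) else "c2-host"
    if host in iocs["decoy_hosts"]:
        return "decoy"
    return "clean"


def summarize(lines, iocs):
    """Count each verdict so the high-confidence C2 hits stand out from decoy noise."""
    counts = {}
    for line in lines:
        verdict = classify(line, iocs)
        if verdict is not None:
            counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed log lines for the example (not from the report).
SAMPLE_LOGS = [
    "2021-09-27T02:23:10Z 10.0.0.5 GET http://www.globalinterchangellc.com/tr7h/?id=abc",
    "2021-09-27T02:23:11Z 10.0.0.5 GET http://hnhstudios.com/tr7h/",
    "2021-09-27T02:23:12Z 10.0.0.5 GET http://www.example.com/index.html",
    "2021-09-27T02:23:13Z 10.0.0.5 POST http://globalinterchangellc.com/login",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    iocs = build_iocs(CONFIG)
    for line in SAMPLE_LOGS:
        print(classify(line, iocs), line)
    print(summarize(SAMPLE_LOGS, iocs))
```

A decoy hit on its own is weak evidence; the C2 host combined with the campaign directory is what should drive an alert or block.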

Targets

    • Target

      45e4621118dc78b668c79ca4c7918f4fc09b3d419069d9341c10e03f2e4d3363 (the file extracted from the submitted archive; its name is its own SHA256, matching the hash below)

    • Size

      646KB

    • MD5

      e9c787ebeebf1396c2fe4ccb57cbaed2

    • SHA1

      9f88c2ee156e4757543dc5fed8f5d15388ff8548

    • SHA256

      45e4621118dc78b668c79ca4c7918f4fc09b3d419069d9341c10e03f2e4d3363

    • SHA512

      942cc1021d033da4f3901bad8bd2e4c5c904367ed6b5a375e275e0385eae24f7036082b1636decb1da3a3af0d0f3152c142605bbc3e08c311ceb0527b61b0b55

    Score
    10/10
    • Xloader

      XLoader is the rebranded successor of the FormBook information stealer; the C2 URL with a campaign directory plus a list of decoy domains, as extracted above, is its characteristic configuration.

    • Xloader Payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state, including its instruction pointer, and is a common step in process hollowing and similar code-injection techniques used to run a payload inside a legitimate process.

MITRE ATT&CK Matrix

Tasks