General
-
Target
b6a81cd859b1f1c626d3202bf8da8a71
-
Size
810KB
-
Sample
210927-erx5wsffh4
-
MD5
b6a81cd859b1f1c626d3202bf8da8a71
-
SHA1
b61a593a3b9a98b525a6b6613d105e6b768c9b31
-
SHA256
d6456da8222e011fc380867758b9841728e223ff6addf03d48009de853368ff0
-
SHA512
319c7eec5fcd9572fb460fc2956391325cf9b93656ce12fb851fa32ebc0a0d29f0f816828c371e2525e1b8f9ad0022324ff1a6ee706579cabc13060ba132dcbc
Malware Config
Extracted
xloader
2.5
tows
http://www.steadycycling.com/tows/
affordableorganizing.net
airstreamnear.com
mindequalsmoney.com
ganleychevybuyscars.com
g17cp.com
flahertystudios.com
jermainemyersonlam.com
ivermectinbuyonline.online
leapconfront.com
rosevillerose.com
fjlypc.com
jugnievents.com
fulvicgump.com
lawofficeofgeorgeefootepx.com
cityinfoyellowpagesnepal.com
thenorthfacesale.online
citadel-soft.com
real-estate-lake-tahoe.com
middleeastclean.services
xinsufu.xyz
Targets
-
-
Target
b6a81cd859b1f1c626d3202bf8da8a71
-
Size
810KB
-
MD5
b6a81cd859b1f1c626d3202bf8da8a71
-
SHA1
b61a593a3b9a98b525a6b6613d105e6b768c9b31
-
SHA256
d6456da8222e011fc380867758b9841728e223ff6addf03d48009de853368ff0
-
SHA512
319c7eec5fcd9572fb460fc2956391325cf9b93656ce12fb851fa32ebc0a0d29f0f816828c371e2525e1b8f9ad0022324ff1a6ee706579cabc13060ba132dcbc
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Suspicious use of SetThreadContext
-