General
-
Target
DN_467842234567.rar
-
Size
239KB
-
Sample
210927-nfnazsgfdn
-
MD5
da06995dfb8ffb16b4c2a3d6f3ec8ead
-
SHA1
16dfc064a9149586e270d8d80df3d8c6fb534f9b
-
SHA256
0c9a10a84e9a365e394d33848ee0951c0f1e47faa5e2acabaf3fed27b6020a2c
-
SHA512
57eaadc0327d8113b8c5cdb99fd050f160fd0988a9d6db1651121f85771ca94360299b169728f6e5e2f9cb7b623f603a0f1b6e090297da35c96005d2f9afff37
Malware Config
Extracted
xloader
2.4
r95e
http://www.bofight.store/r95e/
mindyourbusinesscoin.com
melandri.club
13011196.com
bespinpoker.com
ohchainpodklo.xyz
paolacapitanio.com
hnczppjs.com
healthygold-carefit.club
drive16pay.art
5foldmastermind.com
especialistasorteios.online
cjcveterotqze.com
originaldigitalspaces.com
21lawsofconfidence.com
uscryptomininglaws.com
nilist.xyz
bergstromgreenholt.icu
dumbasslures.com
companieus.com
2gtfy0.com
Targets
-
-
Target
DN_467842234567.exe
-
Size
253KB
-
MD5
c16013ea29f9dd1525dcb65c2184784e
-
SHA1
5afd533f29573050734e428f9f8c9ba08c79546a
-
SHA256
df05d916a02c09e1dba0df0841f93697e407a334ce8d2371dfe8befd909d8a43
-
SHA512
87c9e01aac687d2c675cb281592c930ce7bfefebc4eecde4135834bf896265d0238f9afc98726214fc30ef19c2528740aadf12df00e7cb44c469e56d5e9eefca
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-