General

  • Target

    E20210917ML-RFQ.arj

  • Size

    450KB

  • Sample

    210927-xr3dqahha9

  • MD5

    62354d340ff801e6487a011c6fba304f

  • SHA1

    471994656dfddc25f14e5965d74dcd3cd11c877b

  • SHA256

    2dcb33954614d11cded983267f1e67bab73b383f846170e34f54bb745b05b995

  • SHA512

    11d06ccde17dc9e6e0e8e7d23576e60940e27d3b68f85448e76342a7874b1941ce6a5ab1cb0fe19e1bc1c5961e7c91033f373b1a281e9ae6e45e2434bbd8faa2

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

a6er

C2

http://www.revivalgomghw.xyz/a6er/

Decoy

floetic.club

deepspotters.com

tibo-dev.tech

kcmade.xyz

haulseattle.com

ceroli-dolci.com

chenkaichuangke.com

citycloudconsulting.online

rusunmedical.com

ingeborg-art.com

asianm.art

private-clicks.com

metalcorpperu.com

beautifulingodseyes.com

phutungxenangnguoi.com

shots-photo.com

wirlessjuicers.com

sadyrossiiural.com

jiho9jye.xyz

molilii.com

Targets

    • Target

      E20210917ML-RFQ.exe

    • Size

      631KB

    • MD5

      4bb97838f22e7d33122a38105b252b9e

    • SHA1

      770a4807a1e32a8fbb765e3540d54c30bdd5c131

    • SHA256

      c507c6ca8c3d71feb2af8d83136736bd2407fef4a26c9e681426be5501d4742c

    • SHA512

      fd23aa8b75501d5a09fcb6c8c4ac2bc7406e0a73a7dc0215b3a1de8a4a31a418bee21fc750335c9de4652e62a7a9a4a409bf110d9a1bc49df9318ab38ba08cb5

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks