General
-
Target
51195e0d79dacd68acd8b5bcbc356ab1
-
Size
378KB
-
Sample
210928-jbx76sbbbj
-
MD5
51195e0d79dacd68acd8b5bcbc356ab1
-
SHA1
b2578edd7f1a89474639271df4c7cf0cba336a05
-
SHA256
129d230573fdb00a681a7f0c507bc16d2efcd08c4408f544f1d7653162b2cd92
-
SHA512
81cb6dc51d75a4bf734ba73ad30175c80066953ded42b46fe16935eb8cc5ed4fa8513f6082707e1ad42c0bb60723b45dc7963ef72ea57d8e18cc2ec43d7720e8
Malware Config
Extracted
xloader
2.5
mjyv
http://www.simpeltattofor.men/mjyv/
wenyuexuan.com
tropicaldepression.info
healthylifefit.com
reemletenleafy.com
jmrrve.com
mabduh.com
esomvw.com
selfcaresereneneness.com
murdabudz.com
meinemail.online
brandqrcodes.com
live-in-pflege.com
nickrecovery.com
ziototoristorante.com
chatcure.com
corlora.com
localagentlab.com
yogo7.net
krveop.com
heianswer.xyz
Targets
-
-
Target
51195e0d79dacd68acd8b5bcbc356ab1
-
Size
378KB
-
MD5
51195e0d79dacd68acd8b5bcbc356ab1
-
SHA1
b2578edd7f1a89474639271df4c7cf0cba336a05
-
SHA256
129d230573fdb00a681a7f0c507bc16d2efcd08c4408f544f1d7653162b2cd92
-
SHA512
81cb6dc51d75a4bf734ba73ad30175c80066953ded42b46fe16935eb8cc5ed4fa8513f6082707e1ad42c0bb60723b45dc7963ef72ea57d8e18cc2ec43d7720e8
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Downloads MZ/PE file
-
Suspicious use of SetThreadContext
-