General

  • Target

    PURCHASE_ORDER_QUOTE_08974_PDF.exe

  • Size

    335KB

  • Sample

    210929-mcna5sefgr

  • MD5

    da46f894bfb4c008ec86332694e96c4b

  • SHA1

    711061b453fdad42741ffb94e8dd4bc88c843c3e

  • SHA256

    d079479dd85fb94fe08f6cd70cfff35e39c14294174a8ed6f9b480ffc1cbc9b2

  • SHA512

    673fecd3b4bb8693f65c6cccd7dd22097918dcc17afab8fbd637e6c5b7d736c3b9fadef4a9d95a225814fb6239acbe05f090f679c0c631a4b6b3c02078eac01f

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m6rs

C2

http://www.litediv.com/m6rs/

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

T1082

Tasks