General

  • Target

    Auftragsbestätigung _ Dringend,pdf.iso

  • Size

    280KB

  • Sample

    211021-1hsppsagh6

  • MD5

    67018c9b05bc50bbea218f44f73c0d99

  • SHA1

    d2f2ec186606fa4c25189ad3ae007c5622b26b4d

  • SHA256

    34186b68ffe327fca9115baf4930a4c5fe30d7da9dbf9674b524b1e3c6a2e45d

  • SHA512

    9058fd73e6814f00b1e14c91580d3464bebb988134ec722567e9f408da3c4bf6a21675bd6a8b43f40123be738da7ee6abcbe19b65196e56ed907c29fef66eead

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

g8ne

C2

http://www.melindair.xyz/g8ne/

Decoy

Targets

    • Target

      Auftragsbestätigung _ Dringend,pdf.exe

    • Size

      219KB

    • MD5

      0ddde155326de70440f021dbc056c60c

    • SHA1

      0b64c9c388d608bde8cdad23e8b9bd4dd6a5e853

    • SHA256

      7343b0ea906aec70736bf6eaff3c05833b596e664cb208cc4fd474b49b273e27

    • SHA512

      21a6d076e41df579ae3f80d81a6b7b26ace0f31223b5389b4e132d7fc932fbc5a5d4f134e3da09b5fef9ea6ac540afe0b34ed1cb661ace52d5f94538cf8b5e41

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Blocklisted process makes network request

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks