Resubmissions

  • 21-10-2021 12:23  211021-pkp6tabbdj  10
  • 21-10-2021 10:11  211021-l7x86abaak  10

General

  • Target: 371c76d36256463a54d34e12d6741720
  • Size: 251KB
  • Sample: 211021-l7x86abaak
  • MD5: 371c76d36256463a54d34e12d6741720
  • SHA1: 41843093a5b3a7f5712abd30937004b203851252
  • SHA256: 4de35ea5d1f54708e27e4806246a6c9d9b2217cfef24c7b2321a8f6026c5d98c
  • SHA512: f2e87fb4628a8b413ced0d92bcedafc4667e8655ac2c13fa15b7f806ddd19daec919003da80f4157f83e5a24b24a4ccac98c2dfd351227b6a549443c8e7c5759

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: m5cw
  • C2: http://www.art-for-a-cause.com/m5cw/
  • Decoy


Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: System Information Discovery, T1082 (1)
