51cd4ea4c20552f51824b13af3a93360

General

Target: 51cd4ea4c20552f51824b13af3a93360
Size: 847KB
Sample: 211021-pk26daace2
Score: 10/10
MD5: 51cd4ea4c20552f51824b13af3a93360
SHA1: 1f85673268160d356cc66056e18e721646a51034
SHA256: 891ff9447dec210b5897080666b8281d7387206c14dba7587465e16bd2efa117
SHA512: add0bc6bec599694cdd9c19101edf0b66a914aa4198ed9f10d23e4c14b8bf2708c992917326974007c59c4e6e5c49063c0e1ade25556cdc19ae9dc1a8c79fbcf

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: sb6n
C2: http://www.best5amazon.com/sb6n/

Decoy

An Xloader/Formbook config carries one live C2 next to a list of decoy domains, and the bot sends its beacons (same campaign URI path, here /sb6n/) to the decoys as well as to the real C2. The decoys are mostly unrelated, often legitimate domains: they explain the noisy HTTP activity seen in a sandbox or proxy log, but they are not attacker infrastructure and should not be blocked on their own.

bogosamba.com
inmobiliariapuertalavilla.com
nopressurewellness.com
hairshopamity.com
epicmoments360.com
tutorgpa.com
fucibou.xyz
135631.com
portraydashcam.com
raqsarabia.com
okantis.net
vongquaykimcuongfreefire.online
prodom.online
5537sbishop.info
lisakenneyinc.com
fivetime.xyz
borzv.com
joungla.com
mas-urbano.com
sjczyw.com
kanesia.com
cursovendasafiliagram.website
lumledstore.com
id-434563.site
tinkerform.com
chainedorchange.com
147149cale.com
windmillbusiness.com
moccocity.com
linkinsense.net
asportrans.com
texasmotorcycletransport.com
unviajeinsospechado.com
rishaande.tech
happylifecompanies.com
thewtot.com
homeyhousy.com
schoolx.space
gr-pcs.com
bedrocksolution.net
investorsbamk.com
rewoodlovro.quest
scratchforce.com
roosteco.com
zacharyparkerporward5.com
itranslate.club
mastessrhalco.com
jytyxyc.xyz
theelegantflamestore.com
grausalvarez.com
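Turning the extracted config into triage logic, as an added example (Python; this is not code from the sandbox report or the Xloader family): it keeps the real C2 host and the campaign URI path as blockable indicators, labels traffic to a decoy host on the campaign path as a bot beacon and any other traffic to that host as unrelated, flags the campaign path on a host the config does not list, and runs this over a few constructed proxy log lines. The config values are copied from the report; the decoy list in the code is a subset of the 50 listed above; the timestamps, client IPs and the host other-host.example are constructed for the demo.

```python
"""Triage helper for the Xloader config above (added example, not the report's code).
Config values are copied from the report; decoys are a subset of the 50 listed.
Log lines, IPs and the host other-host.example are constructed for the demo."""
from urllib.parse import urlsplit

CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "sb6n",
    "c2": "http://www.best5amazon.com/sb6n/",
    "decoys": [  # subset of the report's decoy list
        "bogosamba.com", "inmobiliariapuertalavilla.com", "nopressurewellness.com",
        "hairshopamity.com", "epicmoments360.com", "tutorgpa.com", "fucibou.xyz",
        "135631.com", "portraydashcam.com", "raqsarabia.com",
    ],
}

# Constructed proxy log: "<timestamp> <client-ip> <method> <url>"
SAMPLE_LOG = """\
2021-10-21T09:12:03Z 10.0.0.15 GET http://www.bogosamba.com/sb6n/?q=AbCd
2021-10-21T09:12:05Z 10.0.0.15 POST http://www.best5amazon.com/sb6n/
2021-10-21T09:12:07Z 10.0.0.15 GET http://www.tutorgpa.com/sb6n/?q=EfGh
2021-10-21T09:14:40Z 10.0.0.22 GET http://www.tutorgpa.com/index.html
2021-10-21T09:15:01Z 10.0.0.15 POST http://www.other-host.example/sb6n/
"""


def normalise_host(host):
    """Lower-case, strip a trailing dot and a leading 'www.' so the form the bot
    contacts matches the bare domain stored in the config."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def campaign_path(cfg=CONFIG):
    """URI path shared by every beacon of this campaign, e.g. '/sb6n/'."""
    return urlsplit(cfg["c2"]).path


def c2_host(cfg=CONFIG):
    return normalise_host(urlsplit(cfg["c2"]).hostname)


def classify(url, cfg=CONFIG):
    """Label one request: 'c2', 'decoy' (beacon to a decoy host), 'campaign-path'
    (campaign URI on a host the config does not list) or 'unrelated'."""
    parts = urlsplit(url)
    host = normalise_host(parts.hostname)
    on_campaign_path = parts.path == campaign_path(cfg)
    if host == c2_host(cfg):
        return "c2"
    if host in {normalise_host(d) for d in cfg["decoys"]}:
        # Ordinary browsing to a decoy domain is not malicious; only the beacon is.
        return "decoy" if on_campaign_path else "unrelated"
    return "campaign-path" if on_campaign_path else "unrelated"


def triage_log(text, cfg=CONFIG):
    """Classify each well-formed log line; returns [(verdict, url), ...]."""
    results = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of guessing
        results.append((classify(fields[3], cfg), fields[3]))
    return results


def blocklist(cfg=CONFIG):
    """Indicators safe to block: the real C2 host (both forms) and the campaign
    URI path. Decoys are excluded on purpose."""
    raw = urlsplit(cfg["c2"]).hostname.lower()
    return {"hosts": {raw, normalise_host(raw)}, "uri_path": campaign_path(cfg)}


if __name__ == "__main__":
    for verdict, url in triage_log(SAMPLE_LOG):
        print(f"{verdict:14} {url}")
    print("blocklist:", blocklist())
```

The path match is exact on purpose: a rule on the URI path /sb6n/ catches beacons to every host in the rotation, including hosts a newer build of the config might add, whereas a rule on any single decoy host catches only that host and also hits legitimate visitors of that domain.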

Targets

Target: 51cd4ea4c20552f51824b13af3a93360 (hashes, size and score as listed under General above)

Signatures

  • Formbook

    Description

    Formbook is an information stealer: it harvests saved credentials and form data from browsers and other applications, logs keystrokes and takes screenshots, and can fetch and run further payloads on instruction from its C2.

  • Xloader

    Description

    Xloader is the rebranded successor to Formbook; the Windows variant shares Formbook's code base and C2 protocol, which is why both family signatures fire on this sample. The config above identifies this build as version 2.5.

  • Xloader Payload

  • Adds policy Run key to start application

    Description

    Writes an autostart value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, an alternative to the ordinary Run key that legitimate installers rarely use.

    TTPs

    Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001)
    Modify Registry (T1112)

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Description

    Infostealers commonly read browser profile data, which holds saved credentials, cookies and autofill entries.

    TTPs

    Data from Local System (T1005)
    Unsecured Credentials: Credentials In Files (T1552.001)

  • Adds Run key to start application

    Description

    Writes an autostart value under Software\Microsoft\Windows\CurrentVersion\Run.

    TTPs

    Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001)
    Modify Registry (T1112)

  • Suspicious use of SetThreadContext

    Description

    SetThreadContext on a thread of another process is the step that redirects execution in process hollowing and related injection techniques; Formbook/Xloader uses it to run its payload inside a legitimate host process.

    TTPs

    Process Injection (T1055)
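The two Run-key signatures above, turned into detection logic as an added example (Python; not the report's or the sandbox's code), run over constructed Sysmon Event ID 13 (RegistryEvent SetValue) records. Writes to Policies\Explorer\Run and autostart targets in user-writable directories raise the score, a registry write by a product installer under Program Files stays below the reporting threshold, and non-registry events are ignored. Everything inside the events is invented for the demo (the SID, the image paths, the value names fvhqn and Jdsb8, the VendorApp installer); the report does not name the dropped file or the Run value it writes.

```python
"""Detection logic for the two Run-key signatures above, run over constructed
Sysmon Event ID 13 (RegistryEvent SetValue) records. Added example, not the
report's code; the image paths, key names and SID below are invented."""
import re

# Autostart locations behind the signatures. Sysmon reports HKCU writes under
# HKU\<SID>; Policies\Explorer\Run exists under both HKLM and HKCU.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?P<key>Policies\\Explorer\\Run|RunOnce|Run)\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Directories an unprivileged user can write to; autostart entries pointing
# there are far more often malware than product installers.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE
)

# Constructed Sysmon events (field names as Sysmon emits them).
EVENTS = [
    {   # what the "Adds policy Run key" signature describes
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Users\victim\AppData\Roaming\Jdsb8\fvhqn.exe",
        "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\fvhqn",
        "Details": r"C:\Users\victim\AppData\Roaming\Jdsb8\fvhqn.exe",
    },
    {   # ordinary Run key written by a product installer: benign
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Program Files\VendorApp\setup.exe",
        "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
        "Details": r"C:\Program Files\VendorApp\updater.exe /quiet",
    },
    {   # process creation, not a registry write: ignored
        "EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
    },
    {   # what the "Adds Run key" signature describes
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Jdsb8",
        "Details": r"C:\Users\victim\AppData\Roaming\Jdsb8\fvhqn.exe",
    },
]


def assess(event):
    """Score one event; None when it is not an autostart-key write."""
    if event.get("EventID") != 13:
        return None
    match = RUN_KEY_RE.search(event.get("TargetObject", ""))
    if not match:
        return None
    key, value = match.group("key"), match.group("value")
    command = event.get("Details", "")
    score, reasons = 1, [f"autostart value written: {key}\\{value}"]
    if key.lower().startswith("policies"):
        score += 2
        reasons.append("Policies\\Explorer\\Run is rarely used by legitimate installers")
    if USER_WRITABLE_RE.search(command):
        score += 2
        reasons.append("autostart target lives in a user-writable directory")
    if USER_WRITABLE_RE.search(event.get("Image", "")):
        score += 1
        reasons.append("writing process runs from a user-writable directory")
    return {"key": key, "value": value, "command": command,
            "image": event.get("Image", ""), "score": score, "reasons": reasons}


def scan(events, threshold=3):
    """Findings at or above the threshold, in event order."""
    return [f for f in map(assess, events) if f and f["score"] >= threshold]


if __name__ == "__main__":
    for finding in scan(EVENTS):
        print(finding["score"], finding["key"], finding["value"], "->", finding["command"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

The fourth event is the case worth a second look: the writer is explorer.exe, a trusted image, yet the value it writes points into AppData. Scoring the autostart target rather than only the writing process is what keeps injected-process persistence visible.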

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation