General
-
Target
HSBC_2021-25-10-017822019.cab
-
Size
314KB
-
Sample
211025-kzv86aghak
-
MD5
40e22be12bfa46935f5d756dc7354c07
-
SHA1
34324613704e3a835873142865cbfb6d1dbf55d8
-
SHA256
af331eef6acd7bc79ee5bf88aaea16d8fc137af936d02ae43b5d02fbc320a7f3
-
SHA512
b073947c12994d38201311813c798370e478c74a8ce280d8609661f60768d13c0e57cb5dec28f6ebebc7ead088086d47ca317bc72e00926547e9ca9b9e82138d
Malware Config
Extracted
xloader
2.5
ntfs
http://www.164661.com/ntfs/
cast-host.com
sheenwoman.com
cateringpairs.com
butikgamis.com
esd66.com
beautystaze.com
findavetnearme.com
lyketigers.com
nesboutiqe.com
jadeutil.com
survivalfresh.com
realestatebramlett.com
glorynap.com
awards.institute
huangtapps.com
beyondwithyou.com
cryptocustomerhelp.com
plataformasoma.net
lstpark.com
noalareelecionindefinida.com
Targets
-
-
Target
HSBC_2021-25-10-017822019.exe
-
Size
331KB
-
MD5
21dc547b12a42d23141c3a6321518e83
-
SHA1
3f42a80a0ae6b917c0bc8486ea9b0b488e1619d2
-
SHA256
754ba27dca23858f64933493e0162b9745b93a6c87cd0868bfec0019c88ed4e0
-
SHA512
414ca9a23af8acf0e6158f596ead3af66bb8d7ce59f60820fa2f3a54a8df5f4977b8f3a5dfd48ec75eca195a7d2324394674bcbf221685ea01e89d942ffe2b1c
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-