General

  • Target

    Unpaid invoice.exe

  • Size

    258KB

  • Sample

    211026-lbbqaahah2

  • MD5

    79c6ad84e9a64439531ef1197e68587b

  • SHA1

    ce9360870150cba1c282b631d7257b5d1f740162

  • SHA256

    eb4f57c9488afdfcae998056c4854f63c921e45d077c4a53fc6d927463ea5267

  • SHA512

    c9b5a09b0f47c4cc9b0d9a6c3cc4d95b3dddf3dedcded68126e407f86e0e340b9c6b240589dfb2e94ae9863619b41862e10e0ac5e1bb86fd6e91cd8446c8ce2f

Score
10/10

Malware Config (extracted from the sample)

  • Family

    xloader

  • Version

    2.5

  • Campaign

    b2c0

  • C2

    http://www.thesewhitevvalls.com/b2c0/

  • Decoy domains (carried in the same config to mask the real C2)

    bjyxszd520.xyz
    hsvfingerprinting.com
    elliotpioneer.com
    bf396.com
    chinaopedia.com
    6233v.com
    shopeuphoricapparel.com
    loccssol.store
    truefictionpictures.com
    playstarexch.com
    peruviancoffee.store
    shobhajoshi.com
    philme.net
    avito-rules.com
    independencehomecenters.com
    atp-cayenne.com
    invetorsbank.com
    sasanos.com
    scentfreebnb.com
    catfuid.com
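As an added example, not part of the sandbox report, the Python below turns the extracted config above (C2 URL, campaign id, decoy list) into a small IOC set and runs it over a few constructed HTTP proxy log lines. The log format (timestamp, client, method, URL) and the log lines themselves are assumptions made for the example; the domains, campaign path and C2 URL are the ones listed in the config.

```python
"""Match an extracted Xloader config against proxy log lines.

Added example; not part of the sandbox report. The config values are copied
from the report above, the log format and log lines are constructed.
"""
import re
from urllib.parse import urlparse

# Values from the report's extracted config.
C2_URL = "http://www.thesewhitevvalls.com/b2c0/"
CAMPAIGN = "b2c0"
DECOYS = [
    "bjyxszd520.xyz", "hsvfingerprinting.com", "elliotpioneer.com", "bf396.com",
    "chinaopedia.com", "6233v.com", "shopeuphoricapparel.com", "loccssol.store",
    "truefictionpictures.com", "playstarexch.com", "peruviancoffee.store",
    "shobhajoshi.com", "philme.net", "avito-rules.com",
    "independencehomecenters.com", "atp-cayenne.com", "invetorsbank.com",
    "sasanos.com", "scentfreebnb.com", "catfuid.com",
]

# Constructed proxy log lines: "<timestamp> <client-ip> <method> <url>".
LOG_LINES = [
    "2021-10-26T13:00:01Z 10.0.0.5 POST http://www.thesewhitevvalls.com/b2c0/",
    "2021-10-26T13:00:02Z 10.0.0.5 GET http://www.chinaopedia.com/b2c0/?id=1",
    "2021-10-26T13:00:03Z 10.0.0.5 GET http://philme.net/",
    "2021-10-26T13:00:04Z 10.0.0.7 POST http://cdn.example.net/b2c0/",
    "2021-10-26T13:00:05Z 10.0.0.9 GET http://www.example.org/index.html",
]

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST)\s+(\S+)$")


def normalize_host(host):
    """Lower-case and drop a leading 'www.' so both spellings of a domain match."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_iocs(c2_url=C2_URL, decoys=DECOYS, campaign=CAMPAIGN):
    """Derive the real C2 host, the decoy host set and the campaign path."""
    return {
        "c2": normalize_host(urlparse(c2_url).hostname),
        "decoys": {normalize_host(d) for d in decoys},
        "path": "/" + campaign + "/",
    }


def classify(url, iocs):
    """Return a verdict for one request URL, or None if nothing matched.

    'c2'           real C2 host with the campaign path (highest confidence)
    'decoy'        decoy host with the campaign path (the sample beacons to
                   decoys with the same path, so this still points at infection)
    'c2-domain' /
    'decoy-domain' listed host without the campaign path
    'path-only'    campaign path on an unlisted host; low confidence, review
    """
    parsed = urlparse(url)
    host = normalize_host(parsed.hostname)
    path_hit = parsed.path == iocs["path"]
    if host == iocs["c2"]:
        return "c2" if path_hit else "c2-domain"
    if host in iocs["decoys"]:
        return "decoy" if path_hit else "decoy-domain"
    if path_hit:
        return "path-only"
    return None


def scan(lines, iocs=None):
    """Parse each log line and return (ts, client, method, url, verdict) hits."""
    if iocs is None:
        iocs = build_iocs()
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, method, url = m.groups()
        verdict = classify(url, iocs)
        if verdict is not None:
            hits.append((ts, client, method, url, verdict))
    return hits


if __name__ == "__main__":
    for hit in scan(LOG_LINES):
        print(*hit)
```

The campaign path is matched exactly (`/b2c0/`), because the family posts to `http://<host>/<campaign>/` on the real C2 and on the decoys alike; a hit on a listed host without that path is reported separately so an analyst can tell a beacon from ordinary browsing to a decoy domain that may be an otherwise legitimate site.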

Targets

    • Xloader

      Xloader is a rebranded version of the Formbook information stealer.

    • Xloader payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext (a process-injection indicator: the API redirects another thread's execution, as in process hollowing)

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery, T1082 (1)

Tasks