General
-
Target
New order payment.exe
-
Size
248KB
-
Sample
211027-rl9yqahbdp
-
MD5
0c301355b11c3bc570d18b02bb7c99d8
-
SHA1
b35295390555e6fc0b85d538dafbfb4cf8c68564
-
SHA256
77abd0b0f20b0ca86c241acf5d5d60188362e75213f894b7bea82c8f75a3c1b1
-
SHA512
a84f50ca4ab7f2e7d29388dfc3ddd152437ad049a0b61d30462f0a2fcfbc21e0810bd5851bcae172c613eebf8c4c70c5073c3f641beca700acaa6d35582b3e25
Malware Config
Extracted
xloader
2.5
u9xn
http://www.crisisinterventionadvocates.com/u9xn/
lifeguardingcoursenearme.com
bolsaspapelcdmx.com
parsleypkllqu.xyz
68134.online
shopthatlookboutique.com
canlibahisportal.com
oligopoly.city
srchwithus.online
151motors.com
17yue.info
auntmarysnj.com
hanansalman.com
heyunshangcheng.info
doorslamersplus.com
sfcn-dng.com
highvizpeople.com
seoexpertinbangladesh.com
christinegagnonjewellery.com
artifactorie.biz
mre3.net
Targets
-
-
Target
New order payment.exe
-
Size
248KB
-
MD5
0c301355b11c3bc570d18b02bb7c99d8
-
SHA1
b35295390555e6fc0b85d538dafbfb4cf8c68564
-
SHA256
77abd0b0f20b0ca86c241acf5d5d60188362e75213f894b7bea82c8f75a3c1b1
-
SHA512
a84f50ca4ab7f2e7d29388dfc3ddd152437ad049a0b61d30462f0a2fcfbc21e0810bd5851bcae172c613eebf8c4c70c5073c3f641beca700acaa6d35582b3e25
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-