General

  • Target

    NEW ORDER 2021.exe

  • Size

    307KB

  • Sample

    211105-p5xfmahabl

  • MD5

    e6bd805df7bb8a90503c4b1f5784bd3c

  • SHA1

    51d0e6942ca0732c5a3f2e2876d9216236bfc178

  • SHA256

    dd07d6d24f528663fa5cb854c523d5ba2b096a9b3dc23b466cef94355f0cdec9

  • SHA512

    f715ddcf9c169cbb2073f7e80afc151c09605717202da13b3eb40841077c2bbbbea4b996b13ca31abd1d6f38e89e583de9c1db7ad908ff5245299e95cc0625a5

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b2c0

C2

http://www.thesewhitevvalls.com/b2c0/

Decoy

bjyxszd520.xyz

hsvfingerprinting.com

elliotpioneer.com

bf396.com

chinaopedia.com

6233v.com

shopeuphoricapparel.com

loccssol.store

truefictionpictures.com

playstarexch.com

peruviancoffee.store

shobhajoshi.com

philme.net

avito-rules.com

independencehomecenters.com

atp-cayenne.com

invetorsbank.com

sasanos.com

scentfreebnb.com

catfuid.com

Targets

    • Target

      NEW ORDER 2021.exe


    • Xloader

      Xloader is a rebranded and extended version of the Formbook information stealer, which is why Formbook network signatures still fire on its check-in traffic.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
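The extracted config above and the Suricata check-in alert give a defender everything needed for a log hunt. The script below is an added example, not part of the sandbox report: it takes the C2 URL, campaign id and decoy hostnames from the config and scans proxy log lines for contact with them. Facts come from the report; the proxy log lines are constructed for illustration. One assumption is labelled in the code: Formbook/XLoader beacons to its decoy domains under the same campaign path as the real C2, so a decoy host is only flagged when that path (/b2c0/) is present, because decoy domains are often legitimate sites and matching them on hostname alone would be noisy.

```python
# Added example, not part of the sandbox report. Facts taken from the report:
# the C2 URL, the campaign id and the decoy hostnames in the extracted config.
# Assumption: XLoader/Formbook also beacons to its decoy domains under the same
# campaign path, so a decoy host is only flagged when that path is present.
# The proxy log lines below are constructed for illustration.
from __future__ import annotations

import re
from urllib.parse import urlsplit

C2_URL = "http://www.thesewhitevvalls.com/b2c0/"
CAMPAIGN = "b2c0"
DECOYS = [
    "bjyxszd520.xyz", "hsvfingerprinting.com", "elliotpioneer.com",
    "bf396.com", "chinaopedia.com", "6233v.com", "shopeuphoricapparel.com",
    "loccssol.store", "truefictionpictures.com", "playstarexch.com",
    "peruviancoffee.store", "shobhajoshi.com", "philme.net",
    "avito-rules.com", "independencehomecenters.com", "atp-cayenne.com",
    "invetorsbank.com", "sasanos.com", "scentfreebnb.com", "catfuid.com",
]


def normalize_host(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' so the bare
    hostnames in the config match the FQDNs seen on the wire."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = normalize_host(urlsplit(C2_URL).hostname)
DECOY_SET = {normalize_host(d) for d in DECOYS}
CAMPAIGN_PATH = f"/{CAMPAIGN}/"


def ioc_hosts() -> list[str]:
    """All hostnames worth blocking or watching: the real C2 plus the decoys."""
    return sorted(DECOY_SET | {C2_HOST})


def classify_url(url: str) -> str | None:
    """'c2' for any contact with the confirmed C2 host, 'decoy' for a decoy
    host contacted under the campaign path, None otherwise. A decoy host
    reached on some other path is ignored (assumption: decoys are often
    legitimate sites, so hostname alone is too noisy)."""
    parts = urlsplit(url)
    host = normalize_host(parts.hostname or "")
    if host == C2_HOST:
        return "c2"
    if host in DECOY_SET and parts.path.startswith(CAMPAIGN_PATH):
        return "decoy"
    return None


# Constructed log lines in a simple "timestamp client method url status" layout.
SAMPLE_LOG = """\
2021-11-05T10:01:02Z 10.0.0.15 GET http://www.thesewhitevvalls.com/b2c0/?x=ZmFrZQ== 200
2021-11-05T10:01:03Z 10.0.0.15 GET http://www.elliotpioneer.com/b2c0/?x=ZmFrZQ== 404
2021-11-05T10:01:05Z 10.0.0.22 GET http://www.chinaopedia.com/about/ 200
2021-11-05T10:02:10Z 10.0.0.15 POST http://www.thesewhitevvalls.com/b2c0/ 200
2021-11-05T10:03:00Z 10.0.0.30 GET http://example.org/ 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def hunt(log_text: str) -> list[tuple[str, str, str, str]]:
    """Scan proxy log text, returning (client, verdict, method, url) per hit."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        verdict = classify_url(m["url"])
        if verdict:
            hits.append((m["client"], verdict, m["method"], m["url"]))
    return hits


def clients_to_triage(hits: list[tuple[str, str, str, str]]) -> list[str]:
    """Clients that touched the real C2 come first; decoy-only clients after."""
    c2 = {h[0] for h in hits if h[1] == "c2"}
    decoy_only = {h[0] for h in hits if h[1] == "decoy"} - c2
    return sorted(c2) + sorted(decoy_only)


if __name__ == "__main__":
    found = hunt(SAMPLE_LOG)
    for hit in found:
        print(*hit)
    print("triage order:", clients_to_triage(found))
```

In the constructed log, 10.0.0.15 hits the real C2 with a GET check-in and a later POST, and also touches a decoy under /b2c0/, while 10.0.0.22 only browses a decoy domain on an unrelated path and is not flagged. Feed the same hostname list to a DNS blocklist or proxy deny rule, but keep the decoy entries in watch mode rather than block mode until you have confirmed they are not business sites.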

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082), 1 occurrence

Tasks