HSBC TT Copy 101121.rar

General

Target: HSBC TT Copy 101121.rar
Size: 257KB
Sample: 211110-ncn34seafm
Score: 10/10
MD5: e985e93838b11ab6b2c9098533dca3fc
SHA1: e45208ffc5b146291dc03a7bcaedf8ba6d12719c
SHA256: f8462a7ddd9a00c4be6517774fd8826064e9ccf29cd1e3764a91c5f17c223fa2
SHA512: 9599f6cfb852269899bb91bc5a36ec9b408dec33bbd1f5356db8aaf14cdf0e7c8e00a7c32254896164db9c145f390b85d00175765bf60b78a95800c1f2e196b8

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: e8ia
C2: http://www.helpfromjames.com/e8ia/

Decoy

le-hameau-enchanteur.com
quantumsystem-au.club
engravedeeply.com
yesrecompensas.lat
cavallitowerofficials.com
800seaspray.com
skifun-jetski.com
thouartafoot.com
nft2dollar.com
petrestore.online
cjcutthecord2.com
tippimccullough.com
gadget198.xyz
djmiriam.com
bitbasepay.com
cukierniawz.com
mcclureic.xyz
inthekitchenshakinandbakin.com
busy-clicks.com
melaniemorris.online
elysiangp.com
7bkj.com
wakeanddraw.com
ascalar.com
iteraxon.com
henleygirlscricket.com
torresflooringdecorllc.com
helgquieta.quest
xesteem.com
graffity-aws.com
bolerparts.com
andriylysenko.com
bestinvest-4-you.com
frelsicycling.com
airductcleaningindianapolis.net
nlproperties.net
alkoora.xyz
sakiyaman.com
wwwsmyrnaschooldistrict.com
unitedsafetyassociation.com
fiveallianceapparel.com
edgelordkids.com
herhauling.com
intelldat.com
weprepareamerica-planet.com
webartsolution.net
yiquge.com
marraasociados.com
dentalimplantnearyou-ca.space
linemanbible.com
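The extracted config above is most useful when it is turned into a matcher rather than a flat list: the real C2 (www.helpfromjames.com) and the decoys share one campaign URI prefix (/e8ia/), while the decoy hosts themselves are ordinary sites that will also appear in benign traffic. The following is an added example, not code from the report or the sandbox; it copies the C2 URL, campaign and a subset of the decoy domains from the config above, normalizes hosts by dropping a leading "www." (a choice made here), and scans constructed proxy log lines, flagging only requests whose host is in the config and whose path starts with the campaign prefix. The log format and the SHA256 set are assumptions for the demonstration.

```python
import re
from urllib.parse import urlparse

# Values copied from the extracted config in this report.
C2_URL = "http://www.helpfromjames.com/e8ia/"
CAMPAIGN = "e8ia"
# A subset of the reported decoy domains; the full list is above.
DECOY_DOMAINS = [
    "le-hameau-enchanteur.com",
    "quantumsystem-au.club",
    "engravedeeply.com",
    "nft2dollar.com",
    "bitbasepay.com",
    "linemanbible.com",
]
# SHA256 of the archive and of the extracted executable, from this report.
KNOWN_SHA256 = {
    "f8462a7ddd9a00c4be6517774fd8826064e9ccf29cd1e3764a91c5f17c223fa2",
    "fcf7e7eea1f4983f876bb52b0e40e09fedf69a92dcec11be50ff87e169824601",
}


def normalize_host(host):
    """Lower-case and drop a leading 'www.' so the C2 (reported with www.)
    and the decoys (reported bare) compare on the same name. This is a
    choice made for the example, not something the report states."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_indicators(c2_url=C2_URL, decoys=DECOY_DOMAINS):
    """Split the config into the real C2 host, the decoy hosts and the
    campaign URI prefix ('/e8ia/') that a check-in to either must use."""
    parsed = urlparse(c2_url)
    return {
        "c2": {normalize_host(parsed.hostname)},
        "decoy": {normalize_host(d) for d in decoys},
        "path": parsed.path,
    }


def classify_request(url, indicators=None):
    """Return 'c2', 'decoy' or None for one request URL. Host alone is not
    enough: the decoys are ordinary sites, so the campaign path must match."""
    ind = indicators or build_indicators()
    parsed = urlparse(url)
    if not parsed.path.startswith(ind["path"]):
        return None
    host = normalize_host(parsed.hostname)
    if host in ind["c2"]:
        return "c2"
    if host in ind["decoy"]:
        return "decoy"
    return None


# Assumed proxy log format: timestamp client method url status
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_log(lines, indicators=None):
    """Return a list of (line_no, client, method, host, verdict) for lines
    whose request matches the config; unparseable lines are skipped."""
    ind = indicators or build_indicators()
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        verdict = classify_request(m["url"], ind)
        if verdict:
            host = normalize_host(urlparse(m["url"]).hostname)
            hits.append((n, m["client"], m["method"], host, verdict))
    return hits


def is_known_sample(sha256_hex):
    """True when a file hash matches one of the two samples in this report."""
    return sha256_hex.strip().lower() in KNOWN_SHA256


# Constructed log lines for the demonstration (not from the sandbox run).
SAMPLE_LOG = [
    "2021-11-10T09:12:01Z 10.0.0.14 GET http://www.helpfromjames.com/e8ia/?id=abc 200",
    "2021-11-10T09:12:05Z 10.0.0.14 GET http://nft2dollar.com/e8ia/?id=abc 404",
    "2021-11-10T09:12:09Z 10.0.0.14 POST http://www.helpfromjames.com/e8ia/ 200",
    "2021-11-10T09:12:13Z 10.0.0.22 GET http://nft2dollar.com/index.html 200",
    "2021-11-10T09:12:17Z 10.0.0.22 GET http://example.org/e8ia/ 200",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Note that the fourth line (a plain page fetch from a decoy domain) and the fifth (the campaign path on a host not in the config) are not flagged; only the combination of configured host and campaign prefix ties a request to this sample's config, which is why blocking the decoy domains outright would produce false positives.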

Targets

Target: SOA_OCT 2021.exe
MD5: 75f24a7fd78d30dc1287852829e55fe1
Filesize: 269KB
Score: 10/10
SHA1: b5a09b34b18f14d44c311f84a5e705bdc6684e0c
SHA256: fcf7e7eea1f4983f876bb52b0e40e09fedf69a92dcec11be50ff87e169824601
SHA512: 58e19c58f39ca00ff9d5be73271471eff557b7d5041d6f3d99dbb0f6417212e351f45199548e7884c5f54e52c56d8dab4d52c0f500627ca7c4647407f9c91b6d

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Xloader Payload

  • Blocklisted process makes network request

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: 1/10
behavioral1: 10/10
behavioral2: 10/10