General
-
Target
HSBC TT Copy 101121.rar
-
Size
257KB
-
Sample
211110-ncn34seafm
-
MD5
e985e93838b11ab6b2c9098533dca3fc
-
SHA1
e45208ffc5b146291dc03a7bcaedf8ba6d12719c
-
SHA256
f8462a7ddd9a00c4be6517774fd8826064e9ccf29cd1e3764a91c5f17c223fa2
-
SHA512
9599f6cfb852269899bb91bc5a36ec9b408dec33bbd1f5356db8aaf14cdf0e7c8e00a7c32254896164db9c145f390b85d00175765bf60b78a95800c1f2e196b8
Malware Config
Extracted
xloader
2.5
e8ia
http://www.helpfromjames.com/e8ia/
le-hameau-enchanteur.com
quantumsystem-au.club
engravedeeply.com
yesrecompensas.lat
cavallitowerofficials.com
800seaspray.com
skifun-jetski.com
thouartafoot.com
nft2dollar.com
petrestore.online
cjcutthecord2.com
tippimccullough.com
gadget198.xyz
djmiriam.com
bitbasepay.com
cukierniawz.com
mcclureic.xyz
inthekitchenshakinandbakin.com
busy-clicks.com
melaniemorris.online
Targets
-
-
Target
SOA_OCT 2021.exe
-
Size
269KB
-
MD5
75f24a7fd78d30dc1287852829e55fe1
-
SHA1
b5a09b34b18f14d44c311f84a5e705bdc6684e0c
-
SHA256
fcf7e7eea1f4983f876bb52b0e40e09fedf69a92dcec11be50ff87e169824601
-
SHA512
58e19c58f39ca00ff9d5be73271471eff557b7d5041d6f3d99dbb0f6417212e351f45199548e7884c5f54e52c56d8dab4d52c0f500627ca7c4647407f9c91b6d
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-