General

  • Target

    soa#2021011015.exe

  • Size

    286KB

  • Sample

    211115-n86yssaaf8

  • MD5

    77f19e38f4e1eeb655d01114be0e710c

  • SHA1

    a7bbc2ed7b159f441107d43dcceca5be98623556

  • SHA256

    f9744d616627a9e5640bfb7cc0c88b03e52b53141f1647c57a3b3d77766d510d

  • SHA512

    1c0f548fe3cc9e4a7ac16d7365b7f11f475b9e78daff61b548d1a7f45b7c5b633d82fdb770b079dfd51bbb0d5ee85a8891c411d1de925720184385071101db5f

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e8ia

C2

http://www.helpfromjames.com/e8ia/

Decoy

le-hameau-enchanteur.com

quantumsystem-au.club

engravedeeply.com

yesrecompensas.lat

cavallitowerofficials.com

800seaspray.com

skifun-jetski.com

thouartafoot.com

nft2dollar.com

petrestore.online

cjcutthecord2.com

tippimccullough.com

gadget198.xyz

djmiriam.com

bitbasepay.com

cukierniawz.com

mcclureic.xyz

inthekitchenshakinandbakin.com

busy-clicks.com

melaniemorris.online

Targets

    • Target

      soa#2021011015.exe

    • Size

      286KB

    • MD5

      77f19e38f4e1eeb655d01114be0e710c

    • SHA1

      a7bbc2ed7b159f441107d43dcceca5be98623556

    • SHA256

      f9744d616627a9e5640bfb7cc0c88b03e52b53141f1647c57a3b3d77766d510d

    • SHA512

      1c0f548fe3cc9e4a7ac16d7365b7f11f475b9e78daff61b548d1a7f45b7c5b633d82fdb770b079dfd51bbb0d5ee85a8891c411d1de925720184385071101db5f

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks