HSBC TT Copy 101121.rar

General
Target

HSBC TT Copy 101121.rar

Size

244KB

Sample

211116-ybyw2acbfr

Score
10 /10
MD5

85d1b77e49b292efda384c4ca43836b9

SHA1

e4f9998c48220fea06cb1f372c68c2b3c56666b5

SHA256

ded8c07fb7142ba39946dd3aaac2ec104a19cd919f4e7a7eda7781db6e3816ee

SHA512

9c66e2c19aeb8bd95732c87dd0fc73280cf9182a1810fe1b1e9c7504df5a86a3b04aaaa26b952d089c4ef78bcf190885e7179c854e978cff6f6d0a34d66c890e

Malware Config

Extracted

Family xloader
Version 2.5
Campaign e8ia
C2

http://www.helpfromjames.com/e8ia/
Decoy

le-hameau-enchanteur.com

quantumsystem-au.club

engravedeeply.com

yesrecompensas.lat

cavallitowerofficials.com

800seaspray.com

skifun-jetski.com

thouartafoot.com

nft2dollar.com

petrestore.online

cjcutthecord2.com

tippimccullough.com

gadget198.xyz

djmiriam.com

bitbasepay.com

cukierniawz.com

mcclureic.xyz

inthekitchenshakinandbakin.com

busy-clicks.com

melaniemorris.online

elysiangp.com

7bkj.com

wakeanddraw.com

ascalar.com

iteraxon.com

henleygirlscricket.com

torresflooringdecorllc.com

helgquieta.quest

xesteem.com

graffity-aws.com

bolerparts.com

andriylysenko.com

bestinvest-4-you.com

frelsicycling.com

airductcleaningindianapolis.net

nlproperties.net

alkoora.xyz

sakiyaman.com

wwwsmyrnaschooldistrict.com

unitedsafetyassociation.com

fiveallianceapparel.com

edgelordkids.com

herhauling.com

intelldat.com

weprepareamerica-planet.com

webartsolution.net

yiquge.com

marraasociados.com

dentalimplantnearyou-ca.space

linemanbible.com
Targets
Target

REVISE 50% OCTA INVOICE.exe

MD5

093048c24b9994fef2130cd8457e7a4b

Filesize

257KB

Score
10/10
SHA1

f3c31eefe661b1febc80c0865af8f4fd1385ac7f

SHA256

0e803b7715385244cae58772b5b0da43b7cca6a97c5ffd182081eca8676ff5d7

SHA512

e95142b25ae3078c642df183213ed06ccb0b5b65c4b25c3844803258d8b149c3570fdd00a25b539199f44ad10877c37139e430febe304ad6860511c379d4a2ba

Tags

Signatures

  • Xloader

    Description

    Xloader is a rebranded version of Formbook malware.

    Tags

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    Description

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    Tags

  • Xloader Payload

    Tags

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
          Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      1/10

                      behavioral1

                      10/10

                      behavioral2

                      10/10