General

  • Target

    VSL_MV SEA-BLUE SHIP OWNERS.exe

  • Size

    288KB

  • Sample

    211123-b3kr6acce2

  • MD5

    0b1723d1301f6c728884ecd4d7d0ae03

  • SHA1

    ae99846517dfd9c3c69ec13285d089ca68419cda

  • SHA256

    2e8dbbac127f620f64817f3674be70bb481ed70e89796f387caed0a11229540c

  • SHA512

    5880ef204c1505200426e1f33af75e064cb425866e68644b4f0ba7d235bc6e273017a22889a6869e146efdaff674c37cd10b416ee9d4d94e3681d1a1dc609d5c

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e8ia

C2

http://www.helpfromjames.com/e8ia/

Decoy

le-hameau-enchanteur.com

quantumsystem-au.club

engravedeeply.com

yesrecompensas.lat

cavallitowerofficials.com

800seaspray.com

skifun-jetski.com

thouartafoot.com

nft2dollar.com

petrestore.online

cjcutthecord2.com

tippimccullough.com

gadget198.xyz

djmiriam.com

bitbasepay.com

cukierniawz.com

mcclureic.xyz

inthekitchenshakinandbakin.com

busy-clicks.com

melaniemorris.online

Targets

    • Target

      VSL_MV SEA-BLUE SHIP OWNERS.exe

    • Size

      288KB

    • MD5

      0b1723d1301f6c728884ecd4d7d0ae03

    • SHA1

      ae99846517dfd9c3c69ec13285d089ca68419cda

    • SHA256

      2e8dbbac127f620f64817f3674be70bb481ed70e89796f387caed0a11229540c

    • SHA512

      5880ef204c1505200426e1f33af75e064cb425866e68644b4f0ba7d235bc6e273017a22889a6869e146efdaff674c37cd10b416ee9d4d94e3681d1a1dc609d5c

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Tasks