General
-
Target
Comanda, factura proforma.zip
-
Size
353KB
-
Sample
211124-ln62yscchl
-
MD5
26c8d2ce44781a6b6fd80d2e2cf4ea16
-
SHA1
ee33f402325fb2697ad95f96bbd01f184d5109bb
-
SHA256
ea828f4b77fa4128a394d3c81be7d569736c07ddaa4e5243a1a2669522bcc552
-
SHA512
b3145290223e5033b14984da2d6691f7681d75b84a14189f5903f18e40f01bec78c0e46dc578cb47251f9a19a1e10006fadb222c798f16ea02b97c797532502c
Malware Config
Extracted
xloader
2.5
pvxz
http://www.finetipster.com/pvxz/
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
Targets
-
-
Target
Comanda, factura proforma.exe
-
Size
714KB
-
MD5
d0374233b4f0b5872d99e4f91d7ef727
-
SHA1
36d3f48474f4ae50efe5108cdbeff33f621b33c1
-
SHA256
640632c9b58708ac0a556ebcbe773fbf391caf17ceac6e444b66679cc89bacbf
-
SHA512
009335b8f789ab5428d6797f04a1dfd33da8fcfeb87ed179de549d00a6c8e2047232240fcbd89d0ca1f20c5024c0311708d68c7732019049c16727bcaa7627fc
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-