TT_SWIFT_Export Order_noref S10SMG00318021.exe

General

Target: TT_SWIFT_Export Order_noref S10SMG00318021.exe
Size: 653KB
Sample: 211125-ty8yasbbb4
Score: 10/10
MD5: fff91c58119d3cd7f68457e8565f7116
SHA1: 4201eb7214bd3658889739e4856412b8063e0405
SHA256: f8c0d385ece89cd926b2c74680c036f9927414955e7ff4ed12b576470b8c1745
SHA512: c05cf9e0ed2aad4c08b394d97fc1257d273aa8dd51a45487ba51ff5973ab7b2227aba7ea1e1e8e9daf7416aaea418b06edfa29ff93665f6d3cc5b1a392dbed92

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: 46uq
C2: http://www.liberia-infos.net/46uq/

Decoy (domains carried in the extracted config alongside the real C2; most are unrelated legitimate sites, so a decoy host on its own is not a block-list candidate):

beardeddentguy.com

envirobombs.com

mintbox.pro

xiangpusun.com

pyjama-france.com

mendocinocountylive.com

innovativepropsolutions.com

hpsaddlerock.com

qrmaindonesia.com

liphelp.com

archaeaenergy.info

18446744073709551615.com

littlecreekacresri.com

elderlycareacademy.com

drshivanieyecare.com

ashibumi.com

stevenalexandergolf.com

adoratv.net

visitnewrichmond.com

fxbvanpool.com

aarondecker.online

environmentalkivul.com

cardsncrepes.com

hopdongdientu-viettel.com

thebroughtguarantee.com

howtofindahotniche.com

1678600.win

pityana.com

akconsultoria.com

markazkreasindo.com

ronniecapitol.com

tailsontour.com

abros88.com

laboratoriodentaltj.com

fuckingmom86.xyz

5pz59.com

centralmadu.com

ispecwar.com

otetransportanddispatching.com

cartaovirtual.net

hsadmin.xyz

xn--12c2bed4dxay5cxdh1s.online

oki-net.com

scenekidfancams.com

preciousmugs.com

754711.com

helpigservices.com

blueharepress.com

xmshzs.com

lovelycharlestonhomes.com
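The extracted config above (family, version, campaign ID, one real C2 URL and a list of decoy domains) is what a responder turns into detection content. The Python below is an added example, not sandbox output or code from the sample: it copies the config values from this report (decoy list shortened), assumes the documented Formbook/XLoader behaviour of beaconing to the real C2 and to decoys with the same /<campaign>/ path (so host plus path, not host alone, is the indicator), and runs that logic over constructed proxy log lines. The log format and the `classify`/`scan`/`to_iocs` helpers are this example's own.

```python
"""Turn the extracted XLoader config from this report into match logic and run
it over constructed proxy log lines. Added example; not code from the sandbox
or from the malware sample."""
import json
import re
from urllib.parse import urlsplit

# Values copied from the report's "Malware Config" section (decoy list cut to a
# handful of entries here; the full list is on the page).
CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "46uq",
    "c2": "http://www.liberia-infos.net/46uq/",
    "decoy": [
        "beardeddentguy.com", "envirobombs.com", "mintbox.pro",
        "xiangpusun.com", "pyjama-france.com", "18446744073709551615.com",
    ],
    "sha256": "f8c0d385ece89cd926b2c74680c036f9927414955e7ff4ed12b576470b8c1745",
}

# Constructed proxy log lines: "<ts> <src-ip> <method> <url> <status>".
LOGS = [
    "2021-11-25T10:00:01Z 10.0.0.12 GET http://www.liberia-infos.net/46uq/?x=abc 200",
    "2021-11-25T10:00:03Z 10.0.0.12 GET http://mintbox.pro/46uq/ 404",
    "2021-11-25T10:00:05Z 10.0.0.12 POST http://www.xiangpusun.com/46uq/ 200",
    "2021-11-25T10:01:00Z 10.0.0.20 GET http://mintbox.pro/ 200",
    "2021-11-25T10:01:02Z 10.0.0.20 GET http://example.com/46uq/ 200",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def normalize_host(host):
    """Lower-case, strip a trailing dot and a leading 'www.' so the C2 URL's
    host compares equal to the bare decoy names."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_indicators(cfg):
    """Derive host/path indicators: the real C2 host, the campaign path
    (assumption: the same /<campaign>/ path is used on every domain the
    sample beacons to) and the set of decoy hosts."""
    return {
        "c2_host": normalize_host(urlsplit(cfg["c2"]).hostname),
        "path": f"/{cfg['campaign']}/",
        "decoys": {normalize_host(d) for d in cfg["decoy"]},
    }


def classify(line, ind):
    """Return (verdict, host) for a matching log line, else None.

    Decoy domains are usually unrelated legitimate sites, so a visit to a decoy
    host alone is not an alert; only host AND campaign path together are.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["url"])
    host = normalize_host(url.hostname)
    on_path = url.path.startswith(ind["path"])
    if host == ind["c2_host"]:
        return ("c2" if on_path else "c2-host", host)
    if host in ind["decoys"] and on_path:
        return ("decoy-beacon", host)
    return None


def scan(lines, ind):
    """Apply classify() to every line; keep only hits, with the source IP."""
    hits = []
    for line in lines:
        verdict = classify(line, ind)
        if verdict:
            hits.append({"src": LOG_RE.match(line)["src"],
                         "verdict": verdict[0], "host": verdict[1]})
    return hits


def infected_sources(hits):
    """Source IPs that reached the real C2 or sent at least one decoy beacon."""
    return sorted({h["src"] for h in hits if h["verdict"] in ("c2", "decoy-beacon")})


def to_iocs(cfg, ind):
    """Emit the indicators as a JSON list for a blocklist or SIEM import."""
    iocs = [{"type": "sha256", "value": cfg["sha256"]},
            {"type": "url", "value": cfg["c2"]}]
    iocs += [{"type": "url-path", "value": f"http://{d}{ind['path']}"}
             for d in sorted(ind["decoys"])]
    return json.dumps(iocs, indent=1)


if __name__ == "__main__":
    indicators = build_indicators(CONFIG)
    for hit in scan(LOGS, indicators):
        print(hit)
    print("infected:", infected_sources(scan(LOGS, indicators)))
    print(to_iocs(CONFIG, indicators))
```

Run over the constructed lines, the script flags 10.0.0.12 (real C2 hit plus two decoy beacons) and stays silent on 10.0.0.20, whose plain visit to mintbox.pro is ordinary browsing and whose example.com request only shares the path. A bare host match on the C2 domain is reported separately as "c2-host" so it can be triaged at lower priority.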

Targets

Target: TT_SWIFT_Export Order_noref S10SMG00318021.exe (653KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as given under General)
Tags: none listed

Signatures

  • Xloader

    Description

    XLoader is the rebranded successor of the Formbook information stealer. The extracted config (family, version, campaign ID, a single real C2 URL and a list of decoy domains) follows the Formbook layout.

  • Xloader Payload

  • Suspicious use of SetThreadContext

    Rewriting another thread's context after writing into its process is the characteristic step of process hollowing / thread-context injection (ATT&CK T1055.012), the technique by which the payload is made to run inside an otherwise legitimate process.

MITRE ATT&CK Matrix

Only the tactic column headers survive on this page: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10