remittance advice_001001098.exe

General
Target

remittance advice_001001098.exe

Size

331KB

Sample

211126-ppg11acccn

Score
10 /10
MD5

7877a7074c688baf439f7ec1ab150682

SHA1

6c2539fb927b57388866f1c072cdf681b585fb2a

SHA256

08ade6bd3efcd20c80defdde936ef1329713af42d28889ffb69ba26b321a297f

SHA512

6e5dff775fe478634fc3553b0bed3e9e9fda7a956cc17743f2b1b27e06256008ba7bc229d55a409cb710f078c97b70bb709c764b9fc144c0700d77dab6f83402

Malware Config

Extracted

Family xloader
Version 2.5
Campaign e8ia
C2

http://www.helpfromjames.com/e8ia/

Decoy

le-hameau-enchanteur.com

quantumsystem-au.club

engravedeeply.com

yesrecompensas.lat

cavallitowerofficials.com

800seaspray.com

skifun-jetski.com

thouartafoot.com

nft2dollar.com

petrestore.online

cjcutthecord2.com

tippimccullough.com

gadget198.xyz

djmiriam.com

bitbasepay.com

cukierniawz.com

mcclureic.xyz

inthekitchenshakinandbakin.com

busy-clicks.com

melaniemorris.online

elysiangp.com

7bkj.com

wakeanddraw.com

ascalar.com

iteraxon.com

henleygirlscricket.com

torresflooringdecorllc.com

helgquieta.quest

xesteem.com

graffity-aws.com

bolerparts.com

andriylysenko.com

bestinvest-4-you.com

frelsicycling.com

airductcleaningindianapolis.net

nlproperties.net

alkoora.xyz

sakiyaman.com

wwwsmyrnaschooldistrict.com

unitedsafetyassociation.com

fiveallianceapparel.com

edgelordkids.com

herhauling.com

intelldat.com

weprepareamerica-planet.com

webartsolution.net

yiquge.com

marraasociados.com

dentalimplantnearyou-ca.space

linemanbible.com

Targets
Target

remittance advice_001001098.exe

MD5

7877a7074c688baf439f7ec1ab150682

Filesize

331KB

Score
10/10
SHA1

6c2539fb927b57388866f1c072cdf681b585fb2a

SHA256

08ade6bd3efcd20c80defdde936ef1329713af42d28889ffb69ba26b321a297f

SHA512

6e5dff775fe478634fc3553b0bed3e9e9fda7a956cc17743f2b1b27e06256008ba7bc229d55a409cb710f078c97b70bb709c764b9fc144c0700d77dab6f83402

Tags

Signatures

  • Xloader

    Description

    Xloader is a rebranded version of Formbook malware.

    Tags

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    Description

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    Tags

  • Xloader Payload

    Tags

  • Blocklisted process makes network request

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        1/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10