payment advice_29011021.exe

General
Target: payment advice_29011021.exe
Size: 292KB
Sample: 211129-gs7rtsefc2
Score: 10/10
MD5: 9fd9757825549183fb53a8a7cbd0a11b
SHA1: 3d24fae431c8c37b50fc0c8f6ca95af1ae19ce9e
SHA256: 237b6ac1943742314565dfdcc34a5c17f475462ae4399a9a9765bbbd6c679c99
SHA512: b0c762e6393b883925368b520087618082e8e8cdb0885b888a5a787ce5525bd89e7b8799486013cceb84460e3bd793d4a4e415288334fdf62a8b52397aef7222

Malware Config (extracted)
Family: xloader
Version: 2.5
Campaign: e8ia
C2: http://www.helpfromjames.com/e8ia/

Decoy domains (the sample's embedded decoy list; the single C2 above is the live one):
le-hameau-enchanteur.com
quantumsystem-au.club
engravedeeply.com
yesrecompensas.lat
cavallitowerofficials.com
800seaspray.com
skifun-jetski.com
thouartafoot.com
nft2dollar.com
petrestore.online
cjcutthecord2.com
tippimccullough.com
gadget198.xyz
djmiriam.com
bitbasepay.com
cukierniawz.com
mcclureic.xyz
inthekitchenshakinandbakin.com
busy-clicks.com
melaniemorris.online
elysiangp.com
7bkj.com
wakeanddraw.com
ascalar.com
iteraxon.com
henleygirlscricket.com
torresflooringdecorllc.com
helgquieta.quest
xesteem.com
graffity-aws.com
bolerparts.com
andriylysenko.com
bestinvest-4-you.com
frelsicycling.com
airductcleaningindianapolis.net
nlproperties.net
alkoora.xyz
sakiyaman.com
wwwsmyrnaschooldistrict.com
unitedsafetyassociation.com
fiveallianceapparel.com
edgelordkids.com
herhauling.com
intelldat.com
weprepareamerica-planet.com
webartsolution.net
yiquge.com
marraasociados.com
dentalimplantnearyou-ca.space
linemanbible.com

Targets
Target: payment advice_29011021.exe
MD5: 9fd9757825549183fb53a8a7cbd0a11b
Filesize: 292KB
Score: 10/10
Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Blocklisted process makes network request

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Tactic columns: Collection | Command and Control | Credential Access | Defense Evasion | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation

Tasks
static1        1/10
behavioral1    10/10
behavioral2    10/10