General
-
Target
tmp/89f4f79ac4d11f9d5edc1db5526dbc6705c528b3a48d7c103906be084bf91b23.xls
-
Size
229KB
-
Sample
211209-lj1pdacffl
-
MD5
cacad265519e30042811c7a30dcda471
-
SHA1
b82bafb6fbf9d10439bdfa9282df77aa6bfc9fdc
-
SHA256
89f4f79ac4d11f9d5edc1db5526dbc6705c528b3a48d7c103906be084bf91b23
-
SHA512
f29d90114eed77e4b0cf4753d2302e419b156161ea02812c29c78a102a443c07d0b6e9fba227439f44bc87473e601ccd5f768ec9629e8de985f0281e21745658
Malware Config
Extracted
xloader
2.5
ef6c
http://www.fis.photos/ef6c/
gicaredocs.com
govusergroup.com
conversationspit.com
brondairy.com
rjtherealest.com
xn--9m1bq8wgkag3rjvb.com
mylori.net
softandcute.store
ahljsm.com
shacksolid.com
weekendmusecollection.com
gaminghallarna.net
pgonline111.online
44mpt.xyz
ambrandt.com
eddytattoo.com
blendeqes.com
upinmyfeels.com
lacucinadesign.com
docomoau.xyz
Targets
-
-
Target
tmp/89f4f79ac4d11f9d5edc1db5526dbc6705c528b3a48d7c103906be084bf91b23.xls
-
Size
229KB
-
MD5
cacad265519e30042811c7a30dcda471
-
SHA1
b82bafb6fbf9d10439bdfa9282df77aa6bfc9fdc
-
SHA256
89f4f79ac4d11f9d5edc1db5526dbc6705c528b3a48d7c103906be084bf91b23
-
SHA512
f29d90114eed77e4b0cf4753d2302e419b156161ea02812c29c78a102a443c07d0b6e9fba227439f44bc87473e601ccd5f768ec9629e8de985f0281e21745658
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-