General

  • Target

    85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71

  • Size

    939KB

  • Sample

    211216-y7vt9acha8

  • MD5

    cd1f4fa4338ae35dc3e24b7d4fdd2c36

  • SHA1

    35585771c3637ad3df287166a5873f1587003194

  • SHA256

    85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71

  • SHA512

    629cbd4806d4aa68c7f4223180d5c2a06378c9a5f1b7c3587f6e3f375ce5fdbc7eff20b0e9f24458d6c0eaa41c79ef786bd54b0e7c7eebf3a1c103b4eff4c669

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ea0r

Decoy

lionheartcreativestudios.com

konzertmanagement.com

blackpanther.online

broychim-int.com

takut18.com

txstarsolar.com

herdsherpa.com

igorshestakov.com

shinesbox.com

reflectpkljlt.xyz

oiltoolshub.com

viralmoneychallenge.com

changingalphastrategies.com

mecitiris.com

rdadmin.online

miniambiente.com

kominarcine.com

pino-almond.com

heihit.xyz

junqi888.com

Targets

    • Target

      85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71

    • Size

      939KB

    • MD5

      cd1f4fa4338ae35dc3e24b7d4fdd2c36

    • SHA1

      35585771c3637ad3df287166a5873f1587003194

    • SHA256

      85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71

    • SHA512

      629cbd4806d4aa68c7f4223180d5c2a06378c9a5f1b7c3587f6e3f375ce5fdbc7eff20b0e9f24458d6c0eaa41c79ef786bd54b0e7c7eebf3a1c103b4eff4c669

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Change Default File Association

1
T1042

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Collection

Data from Local System

1
T1005

Tasks