General

  • Target

    tmp/a3339059-12f1-4e1d-aa46-b3ec1662c596_vbc.exe

  • Size

    457KB

  • Sample

    211218-fm17esfcdj

  • MD5

    e4133afba26efde5b01959df65c3eeb4

  • SHA1

    ea2b48d0f50918e47b4657fd5774c2766c640f0a

  • SHA256

    b30e2fa345e02eecf58f3672cab4f07b4c6f84712c7dee9a64ca3005ac7bf255

  • SHA512

    563b0a1c9663c7c8a768ca6a50e8a27aa775a15282bf9dc00dc03d24ce8114a4c521d250e8ca49dea05549b791806dcd91bb856f8aa725155b2d52c19f7392ba

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com
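The script below is an added example and is not part of the sandbox report. It turns the extracted config into hunting logic over HTTP/proxy logs using two indicators from above: the 20 listed domains and the campaign id fqiq. Two caveats a practitioner should know before using the domain list: the sandbox labels every entry a decoy because Formbook/Xloader hides its real C2 among legitimate sites, so blocking the list outright causes false positives; instead the script flags a single source that contacts several of the listed domains within a short window (fan-out), which is the family's beaconing pattern. The second check, that the campaign id appears as the first path segment of beacon URIs, is documented for Formbook/Xloader generally but is not stated in this report, so it is an assumption here. The log format (timestamp, source IP, Host header, URI) and the sample log lines are constructed for the example.

```python
"""Hunt proxy/HTTP logs for the Xloader 2.5 config extracted in this report.

Added example, not part of the sandbox report. Assumes a whitespace-separated
log line: <ISO timestamp> <source IP> <Host header> <URI>. Adapt parse_line()
for Zeek http.log or your proxy format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

CAMPAIGN = "fqiq"  # campaign id from the extracted config

# Domain list from the extracted config. All are labelled "decoy" by the
# sandbox: the real C2 is hidden among legitimate sites, so do not block the
# list wholesale; correlate instead.
C2_CANDIDATES = {
    "driventow.com", "ipatchwork.today", "bolder.equipment", "seal-brother.com",
    "mountlaketerraceapartments.com", "weeden.xyz", "sanlifalan.com",
    "athafood.com", "isshinn1.com", "creationslazzaroni.com",
    "eclecticrenaissancewoman.com", "satellitephonstore.com", "cotchildcare.com",
    "yamacorp.digital", "ff4cuno43.xyz", "quicksticks.community",
    "govindfinance.com", "farmersfirstseed.com", "megacinema.club",
    "tablescaperendezvous4two.com",
}


def parse_line(line):
    """Split one constructed log line into (datetime, src_ip, host, uri)."""
    ts, src, host, uri = line.split(maxsplit=3)
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return datetime.fromisoformat(ts), src, host, uri


def is_beacon_uri(uri):
    """True if the first path segment equals the campaign id.

    Assumption: Formbook/Xloader beacon URIs start with /<campaign>/; this is
    documented for the family but not stated in the report above.
    """
    return uri.split("?", 1)[0].strip("/").split("/")[0] == CAMPAIGN


def hunt(lines, window=timedelta(minutes=15), min_domains=3):
    """Return (beacon_hits, fanout_hits).

    beacon_hits:  (src, host, uri) tuples where a listed domain was requested
                  with the campaign path; high confidence.
    fanout_hits:  sorted source IPs that touched >= min_domains listed domains
                  within `window`; medium confidence, because one listed domain
                  on its own is ordinary browsing of a legitimate site.
    """
    beacon_hits = []
    seen = defaultdict(list)  # src -> [(ts, host), ...]
    for line in lines:
        ts, src, host, uri = parse_line(line)
        if host not in C2_CANDIDATES:
            continue
        if is_beacon_uri(uri):
            beacon_hits.append((src, host, uri))
        seen[src].append((ts, host))

    fanout_hits = set()
    for src, events in seen.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - t0 <= window}
            if len(hosts) >= min_domains:
                fanout_hits.add(src)
                break
    return beacon_hits, sorted(fanout_hits)


# Constructed sample log lines (not real traffic). 10.0.0.5 shows the infected
# pattern; 10.0.0.9 browses three listed sites hours apart; 10.0.0.7 hits the
# campaign path on a host that is not in the config and must not be flagged.
SAMPLE_LOG = """\
2021-12-18T10:00:01 10.0.0.5 www.driventow.com /fqiq/?q=1
2021-12-18T10:00:03 10.0.0.5 weeden.xyz /fqiq/?q=1
2021-12-18T10:00:05 10.0.0.5 athafood.com /fqiq/?q=1
2021-12-18T10:00:07 10.0.0.5 megacinema.club /fqiq/?q=1
2021-12-18T10:05:00 10.0.0.9 govindfinance.com /about.html
2021-12-18T11:00:00 10.0.0.9 athafood.com /menu
2021-12-18T12:30:00 10.0.0.9 weeden.xyz /index.html
2021-12-18T10:20:00 10.0.0.7 example.org /fqiq/
""".splitlines()

if __name__ == "__main__":
    beacons, fanout = hunt(SAMPLE_LOG)
    for hit in beacons:
        print("beacon:", *hit)
    print("fan-out sources:", fanout)
```

Tune `window` and `min_domains` to your environment; the family iterates its whole domain list within seconds, so a short window with a threshold of three keeps ordinary browsing of these legitimate sites below the bar.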

Targets

    • Target

      tmp/a3339059-12f1-4e1d-aa46-b3ec1662c596_vbc.exe

    • Size

      457KB

    • MD5

      e4133afba26efde5b01959df65c3eeb4

    • SHA1

      ea2b48d0f50918e47b4657fd5774c2766c640f0a

    • SHA256

      b30e2fa345e02eecf58f3672cab4f07b4c6f84712c7dee9a64ca3005ac7bf255

    • SHA512

      563b0a1c9663c7c8a768ca6a50e8a27aa775a15282bf9dc00dc03d24ce8114a4c521d250e8ca49dea05549b791806dcd91bb856f8aa725155b2d52c19f7392ba

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer.

    • Xloader Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery, T1082 (1 matching signature)

Tasks