General
-
Target
4527636110540800.zip
-
Size
194KB
-
Sample
211223-etpljahfem
-
MD5
9dc0365f7e8d437f9d85797c02e65370
-
SHA1
4a78a78b00f5e5054051ed5e582d7fdb639d96c8
-
SHA256
5d2be550db7b54a3bb218ccc00904299863d2acc71095fc28d470488b0f1aca0
-
SHA512
095642c3e10a9b1251c83102110d814db7914f740a86b1bea74e5a817af2ff582215a2223d951cf193f9c870e947a89567f70bfe01a88eb3828749c98aabcfa1
Malware Config
Extracted
xloader
2.5
pzi0
laylmodest.com
woruke.club
metaverseslots.net
syscogent.net
aluxxenterprise.com
lm-solar.com
lightempirestore.com
witcheboutique.com
hometech-bosch.xyz
expert-netcad.com
poteconomist.com
mycousinsfriend.biz
shineveranda.com
collegedictionary.cloud
zqlidexx.com
businessesopportunity.com
2utalahs4.com
participatetn.info
dare2ownit.com
varser.com
Targets
-
-
Target
d2d96154024ca3137cd2e84d367053ea8e0de0459a781356577a3ba775c1fb8e
-
Size
354KB
-
MD5
4e5cc8fddecae16e747e6b1a48b31cd5
-
SHA1
9195d4069bc82b38261bb9ec58333921e7164eac
-
SHA256
d2d96154024ca3137cd2e84d367053ea8e0de0459a781356577a3ba775c1fb8e
-
SHA512
fa27ad2184bc22d0d7784e1ecffd049266c43b196635373e73280d71e244061687113143361e8466f29f489259afd0b18e8c50ffb37007cc199fea0e28475ad1
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-