General
-
Target
TRANSFER schnell pdf.exe.xz
-
Size
346KB
-
Sample
220126-ltcejabhb7
-
MD5
58caf63f996ce6c9355fd77de7f03ba6
-
SHA1
27ed08f7da1df739c84c9e629b1db50ad4511b20
-
SHA256
8229a6818eba99a00484434b9af969c782a22f88e9d7589a431d373c56e5cf8b
-
SHA512
3826b252b9eeda53afc68be4029dbeb0a98e20f5ed26ae7b54882a7881bf8706b8cbf4f51fc861076838360973797aab9c5dd2b2c729704ed70bba007c900e36
Malware Config
Extracted
xloader
2.5
gqvv
the-pumps.com
imagepixo.com
gloriamcarter.com
cedacventures.com
chengxinyuan.online
evesfashion.online
relyoncarlos.com
marinayouth.com
hbsckj.net
jdmnn.com
fedelini.online
barkleysbettermints.com
popierwszezdrowie.net
amelntl.net
oceanic-sauna.online
ksssz.com
aprilrehrig.com
nwzjr.com
manimani1225.com
gstfranchisecenter.com
Targets
-
-
Target
TRANSFER schnell pdf.exe
-
Size
869KB
-
MD5
bbf23d4cf2bd893ff90a49e2fbfd8d77
-
SHA1
65cad8ceccd7b294a2439da6c4ac3752a0f4f114
-
SHA256
dcc7677fef7b0aa881bb1db61ef597bf5ba56181ee7b8147b8631238baccfb3b
-
SHA512
00f29f6a3f3ee0885af55078c556a90816b585af50dd529a3f4ebda057964cbb35347149dd2dacc1a5d2bb9cb3c0565265bf3d96e24868c7a41e0d517ad72ac1
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
ModiLoader First Stage
-
Xloader Payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-