General
-
Target
PAYMENT.rar
-
Size
237KB
-
Sample
220128-spl7hafdhj
-
MD5
262f37ff82e62e473595c3fe5cd873a3
-
SHA1
5716cf072220307126139716666345e8b0ad80e6
-
SHA256
8cbcba13895213b6f102c3c75b05f16e3df293063509c61e73ae367371f4885c
-
SHA512
95bf6e8ba236485d53adfd5500f56bb7df182a0aad298288cebdc6e7c84df95fb2c8a280c7cd0e9113ebef6ca4f8c59f704f0d3a0f49b556f55154dd22842793
Malware Config
Extracted
xloader
2.5
dtt3
edilononlineshop.com
cursosd.com
viellacharteredland.com
increasey0urenergylevels.codes
yjy-hotel.com
claym.xyz
reelsguide.com
gives-cardano.com
ashrafannuar.com
mammalians.com
rocketleaguedads.com
yubierp.com
minimi36.com
chn-chn.com
jagojp888.com
parsian-shetab.com
273351.com
mdtouhid.com
babedads.com
vallinam2.com
Targets
-
-
Target
CTM ARRANGMENT.exe
-
Size
249KB
-
MD5
a2046a5aeb81e1fc98cbbc9a2aff19b1
-
SHA1
6fb0f2848d25ffb9ea2c4441552c466539a0f0e0
-
SHA256
d0a2b78cdc16ebd07adf6aacd4b6e2d639dcdebd28f0e3eb4ca3e6b73cc1add8
-
SHA512
90bd09bed2fd4bb5eae4281fa9fae0df1164a36bb37b7ea2e8e70b034436461966d1b317f1e5ec610055acd7e28372b4bbafe96154e32c182aa93ba05fdf8640
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-