General

  • Target: 1480f1e7c67eba8390ea572cd3b9b133bb6da142e689979d581a46f1672c197c
  • Size: 369KB
  • Sample: 220207-atg48sdcc2
  • MD5: 20a5d9c849989672de66b624250dadfa
  • SHA1: 404e5793ff2af295fb2723deb1705a545d9f07a9
  • SHA256: 1480f1e7c67eba8390ea572cd3b9b133bb6da142e689979d581a46f1672c197c
  • SHA512: ff9176d4080eaebba85bee2446d435e8fd919a626a90645d288032fb75620e096afcf150446b722e42557e139626974e5819a20ab87e514a07450341cba8df1b

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: noi6
  • Decoy:
      daliglobalservice.com
      thenationschristianchurch.com
      aliqy.com
      grace-saunders.com
      endlessretirement.com
      stanleycupticket.com
      dltgame.club
      healthqnahindi.com
      salniyrk.icu
      laurasbaked.com
      vintagechinese.com
      agrocomposites.com
      aimedsports.com
      vegeatsdirect.com
      goh-pbl.com
      fairview.global
      affiliateprogramscenter.com
      blogizarshop.com
      loorzon.com
      curtex.info

Targets

    • Target: New Purchase Order.exe
    • Size: 747KB
    • MD5: 99e9bf49fad21cd57261f354af9742e4
    • SHA1: 28e1025ad185b7502568d4dbdab483b25b8e0fac
    • SHA256: 92ddc88d7c1bde849c18747f4fcd526c240a81efe9c74ee1dcaa4a72ecc9ac3a
    • SHA512: 1c8e9d9e6052ebb054623aaaadde67627e0cb07f576cc8aaa5be5f48dcc34370d8658148a9716c8ca139742dbe4145bb3f4c365b2e23012138f1aace61280bbc

    Score: 10/10

    • Xloader
      Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic      Technique                      Count  ID
Discovery   Query Registry                 1      T1012
Discovery   System Information Discovery   1      T1082

Tasks