General

  • Target: 918d148a95ceffbf6cf619106cbbc49f
  • Size: 456KB
  • Sample: 220216-lfd17sbed5
  • MD5: 918d148a95ceffbf6cf619106cbbc49f
  • SHA1: 32075f31064cbd71e820f9c5a9b1c41e357b17ea
  • SHA256: 826837df6dde8385f31f1a25df7ebdf946b9519af3142bfb87d4b9196f3822f1
  • SHA512: 25d415e45b326d5db660326124fdc189fb1d17198159197ad2ab953bed979116fd743f49d122a7ef70c9735fdef3dc89893ddebe10b950dc88152d75578f2fb7

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: ahc8
  • Decoy domains:


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: System Information Discovery (T1082), 1 hit

Tasks