General

  • Target

    bb81812044069608e1ba320fcb7b878c5b6895f5bf91c93027ab4161042d01c7

  • Size

    17KB

  • Sample

    220218-ntsgvsdcgp

  • MD5

    92c35904f4cf224c1a26f7162e465b02

  • SHA1

    d4d1635404188075b42f49c4714cc85faa54e71c

  • SHA256

    bb81812044069608e1ba320fcb7b878c5b6895f5bf91c93027ab4161042d01c7

  • SHA512

    43f28013fa83da1957cda63cdc07b12a4ee9e16f54ed1f8ff36d83d3ce3dff7d710a630e8f042291162eb225e3cd6c08c018fea28e87aa4ac3f0a24b2879c9a8

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    ahc8

  • Decoy

    192451.com
    wwwripostes.net
    sirikhalsalaw.com
    bitterbaybay.com
    stella-scrubs.com
    almanecermezcal.com
    goodgood.online
    translate-now.online
    sincerefilm.com
    quadrantforensics.com
    johnfrenchart.com
    plick-click.com
    alnileen.com
    tghi.xyz
    172711.com
    maymakita.com
    punnyaseva.com
    ukash-online.com
    sho-yururi-blog.com
    hebergement-solidaire.com

Targets

    • Target

      bb81812044069608e1ba320fcb7b878c5b6895f5bf91c93027ab4161042d01c7

    • Size

      17KB

    • MD5

      92c35904f4cf224c1a26f7162e465b02

    • SHA1

      d4d1635404188075b42f49c4714cc85faa54e71c

    • SHA256

      bb81812044069608e1ba320fcb7b878c5b6895f5bf91c93027ab4161042d01c7

    • SHA512

      43f28013fa83da1957cda63cdc07b12a4ee9e16f54ed1f8ff36d83d3ce3dff7d710a630e8f042291162eb225e3cd6c08c018fea28e87aa4ac3f0a24b2879c9a8

    Score
    10/10

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Downloads MZ/PE file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (2) T1012
    System Information Discovery (2) T1082

Tasks