General
-
Target
e9b466a1b3df2b320aefc4a97d9c8a1f182731a943eea65c4565d85aa4aa7c35
-
Size
610KB
-
Sample
220221-lmv83aabfl
-
MD5
855b05c57fe4ba924562cc29a7a01209
-
SHA1
a62887f76cdaabdfcac5514bb5efcdf7993e6152
-
SHA256
e9b466a1b3df2b320aefc4a97d9c8a1f182731a943eea65c4565d85aa4aa7c35
-
SHA512
b979d5fe369a8742cf9e753315af8bf3d2bf760841838d14c663992afbc81e1eb86f45b4a4b2ea2716f052fa158b6b6e090b931970d97c29b5ae5dc6af51be9a
Malware Config
Extracted
xloader
2.3
kio8
greeaircondition.com
thewilmingtonguide.com
cbluedotlivewdmall.com
globalcrime24.com
heightsplace.com
ghar.pro
asosbira.com
melolandia.com
velactun.com
erniesimms.com
nutbullet.com
drizzerstr.com
hnqym888.com
ghorowaseba.com
1317efoxchasedrive.info
stjudetroop623.com
facestaj.com
airpromaskaccessories.com
wolfetailors.com
56ohdc2016.com
Targets
-
-
Target
Materials.exe
-
Size
550KB
-
MD5
3fa32441cdf20f227676163f2ddd66c4
-
SHA1
7b6bf423286a2096449015602d4d5db258866da6
-
SHA256
fe7c717b3f64d3c721f760c5d62cf09b7bfcdb8fcbf163e7958907a3d7b2dfad
-
SHA512
20985ad52ee625f6ded7a45f2a83f57ebf1db97abd10959d6cd30f1e404da7879cbf34630f3be70679183bf1dbd46795991c5a68f9c1eb9dd9bfb7a980b9da48
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Suspicious use of SetThreadContext
-