General
-
Target
145f840479b9baa3431886abf20b30820f2cc5fe427c0d14390818c7e38ad3cd
-
Size
274KB
-
Sample
220322-bvjvwsaegr
-
MD5
16c4a16f7bd751b068e65d81ba2f64cd
-
SHA1
3cc2679cb6af197f177481f7708bed0eed93f458
-
SHA256
145f840479b9baa3431886abf20b30820f2cc5fe427c0d14390818c7e38ad3cd
-
SHA512
8675970aa4fc84e3fc6e9b84b7189e8077a372e15b01be22bfd52877e2e6c94d439e213271d2554f242182fc9052b9b98148876e31096467c778cc508cad006f
Malware Config
Extracted
xloader
2.5
ahc8
192451.com
wwwripostes.net
sirikhalsalaw.com
bitterbaybay.com
stella-scrubs.com
almanecermezcal.com
goodgood.online
translate-now.online
sincerefilm.com
quadrantforensics.com
johnfrenchart.com
plick-click.com
alnileen.com
tghi.xyz
172711.com
maymakita.com
punnyaseva.com
ukash-online.com
sho-yururi-blog.com
hebergement-solidaire.com
Targets
-
-
Target
145f840479b9baa3431886abf20b30820f2cc5fe427c0d14390818c7e38ad3cd
-
Size
274KB
-
MD5
16c4a16f7bd751b068e65d81ba2f64cd
-
SHA1
3cc2679cb6af197f177481f7708bed0eed93f458
-
SHA256
145f840479b9baa3431886abf20b30820f2cc5fe427c0d14390818c7e38ad3cd
-
SHA512
8675970aa4fc84e3fc6e9b84b7189e8077a372e15b01be22bfd52877e2e6c94d439e213271d2554f242182fc9052b9b98148876e31096467c778cc508cad006f
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-