General

  • Target

    d63789eb0eadba36bd89975294d18afa75ceef26c802b9dabde0ee81b1484860

  • Size

    803KB

  • Sample

    220427-nevcxahabq

  • MD5

    74c748432b2e34ea92e2a386094e4fdc

  • SHA1

    e6a0d9852ae56f195b1bf3cbe37a279f4535d9b6

  • SHA256

    d63789eb0eadba36bd89975294d18afa75ceef26c802b9dabde0ee81b1484860

  • SHA512

    2f1c8d6187c2e0dde4111d5b2dc9e99dce89c5bc5f5a38ee65d8ec3f5ad2c52da4749228b2261b51afb61dc72cfb19200e91d9df91c3dcfdd5272525c509667a

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    arh2

  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks