General
-
Target
f7ecd12d134aaf3541396c78337ce672
-
Size
714KB
-
Sample
220514-qqmtbahha6
-
MD5
f7ecd12d134aaf3541396c78337ce672
-
SHA1
bb41a84d4f5eef537e41cf4bde375c99bff86a04
-
SHA256
ec2f5710fdf33c7b843829ebd9f088b15141b643b4354dd92d39b6e290ceca70
-
SHA512
ef70eb852b370e5f29ca4d27584a3faad34a629c857e135f434b21e483c24fc813fe97fff77eb73dae428fd3e97fb82c3564eae03a18d8bfd0f1a71ba3c9f77a
Malware Config
Extracted
xloader
2.6
n6g4
bw589jumpb.xyz
lojas-marias.com
gadgersvip.com
zeavd.com
moment4miracles.com
wildcanetours.com
executivetravelandlogistics.com
uspplongee.com
schilova.online
smoothie-optics.com
masterima.net
kickball.site
theastralark.com
nick-sylvestro.com
properscooter.com
wave-thermodynamics.com
bitcollide.com
xed5555.com
tsue-sangyo.com
lucianaejoaoalberto.com
Targets
-
-
Target
f7ecd12d134aaf3541396c78337ce672
-
Size
714KB
-
MD5
f7ecd12d134aaf3541396c78337ce672
-
SHA1
bb41a84d4f5eef537e41cf4bde375c99bff86a04
-
SHA256
ec2f5710fdf33c7b843829ebd9f088b15141b643b4354dd92d39b6e290ceca70
-
SHA512
ef70eb852b370e5f29ca4d27584a3faad34a629c857e135f434b21e483c24fc813fe97fff77eb73dae428fd3e97fb82c3564eae03a18d8bfd0f1a71ba3c9f77a
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-