General

  • Target

    4daead502dfca41fa6e5789eb458e5bc60ed7da6c8af2229596e1e0697f50701

  • Size

    1.0MB

  • Sample

    220515-h4p7lagbhp

  • MD5

    9c57cf589c6ff051d2aec2bbaf515dfb

  • SHA1

    846b8e1244b7a7e2cbddbd837c77708b6bb0bb32

  • SHA256

    4daead502dfca41fa6e5789eb458e5bc60ed7da6c8af2229596e1e0697f50701

  • SHA512

    2947df318501ce13e7b99cf65fc0f18db3086f6ac97727831ffdb253a28fdce3ce10d1d1998b80423d313ae5d375ad2f65ff9b3741774e2a3632de7862364a0e

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.6

  • Campaign

    arh2

  • Decoy

    hstorc.com
    blackountry.com
    dhrbakery.com
    dezhouofit.com
    defipayout.xyz
    ginas4t.com
    byzbh63.xyz
    qrcrashview.com
    mialibaby.com
    enhaut.net
    samainnova.com
    yashveerresort.com
    delfos.online
    dungcumay.com
    lj-counseling.net
    fliptheswitch.pro
    padogbitelawyer.com
    aticarev.com
    sederino.site
    bestplansforpets-japan3.life

Targets

    • Target

      4daead502dfca41fa6e5789eb458e5bc60ed7da6c8af2229596e1e0697f50701

    • Size

      1.0MB

    • MD5

      9c57cf589c6ff051d2aec2bbaf515dfb

    • SHA1

      846b8e1244b7a7e2cbddbd837c77708b6bb0bb32

    • SHA256

      4daead502dfca41fa6e5789eb458e5bc60ed7da6c8af2229596e1e0697f50701

    • SHA512

      2947df318501ce13e7b99cf65fc0f18db3086f6ac97727831ffdb253a28fdce3ce10d1d1998b80423d313ae5d375ad2f65ff9b3741774e2a3632de7862364a0e

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks