6923c6b53ceaec1d925149106d9d29c7d35af3542beca0bcbd9333f4ea28e67b

General

Target: 6923c6b53ceaec1d925149106d9d29c7d35af3542beca0bcbd9333f4ea28e67b
Size: 317KB
Sample: 220521-dbyaaaaebp
Score: 10/10
MD5: 949e3fdfe6efdb89fff9d5644f574f93
SHA1: 4724e111f096b404014e26f00a3a7a7bc14f9a49
SHA256: 6923c6b53ceaec1d925149106d9d29c7d35af3542beca0bcbd9333f4ea28e67b
SHA512: 31e54ab4f8005cbba5fa92e7a1b0b3f431ef4de227f2ead0836737cf592714dea53581268d8b1e12b2880dca7529ee4397f8b1b94581e44bd9d3a16bd1618f31

Malware Config (extracted)

Family: xloader
Version: 2.1
Campaign: iwnn
Decoy domains (50 listed):

laerteskft.com
growingstrongbook.com
bridgecounsel.com
takeabreakfromwork.com
www2998s.com
rvaimportados.com
zelfstandigondernemen.online
connectinglifes.com
ecopt.win
bwwvuih.com
designingbeyondmyeloma.com
apprentisageaplus.com
walkintubstoday.sale
littlemexicoimports.com
getaltai.com
sbd55999.com
nu000.com
theconsciouscookingcompany.com
jelancer.com
osusume-toushiseminar.com
grandis16v.info
venturacaraccidentattorney.com
shadesofunity.com
shinephotographydesign.com
sportweights.net
duki.ltd
dutchlion.solutions
blockshow.info
property-shark.com
yourgolfersagent.com
heatingtoken.com
mrhira.com
ncmkwd.info
immobilier-1800.com
aloyadakmashin.com
xn--polticadelopersonal-n1b.com
nbgadgets.com
brightwaycapecoral.com
metrocommunitynews.com
thegirlwithmightyinks.com
7380pe.com
ondemandleadsagency.com
kysaves529.com
microgreensprout.com
progressivecarlogin.com
freemifr.com
danielzig.com
greathomes8.com
lzsmsm.com
denverpropertybrothers.com

Note on the decoy list: Xloader, like Formbook before it, keeps its live C2 host in the same list as the decoy domains and sends traffic to decoys as well as to the real server, so the config extractor cannot tell them apart and labels the whole list "Decoy". For hunting, treat every entry as a network indicator, but expect legitimate or parked sites among them and do not block the list blindly.
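The extracted config is the part of a report a responder most often has to turn into indicators. The following Python is an added example, not the sandbox's own export code or tooling: it parses the plain-text label/value layout seen on this page (a constructed excerpt embedded below, using a subset of the decoys plus one deliberate duplicate), validates hash lengths and domain syntax, and flattens the result into IOC records. Every listed domain is emitted as an indicator because Xloader mixes its live C2 into the decoy list, so nothing in the extracted config distinguishes them. The label names and the assumption that a list key runs until the next known label or section header are taken from this page's layout only.

```python
"""Parse a sandbox plain-text report (the label/value layout on this page) into IOCs.

Added example. SAMPLE_REPORT is constructed from values on the page and is not
the sandbox vendor's export specification; the key names are taken from the page.
"""
import json
import re

# Constructed excerpt mirroring the page: "Label" / blank / "Value" for most keys,
# inline "Family xloader" style inside the Malware Config block, and a duplicate decoy.
SAMPLE_REPORT = """\
General
Target

6923c6b53ceaec1d925149106d9d29c7d35af3542beca0bcbd9333f4ea28e67b

Size

317KB

MD5

949e3fdfe6efdb89fff9d5644f574f93

SHA256

6923c6b53ceaec1d925149106d9d29c7d35af3542beca0bcbd9333f4ea28e67b

Malware Config

Extracted

Family xloader
Version 2.1
Campaign iwnn
Decoy

laerteskft.com

growingstrongbook.com

bridgecounsel.com

laerteskft.com

Targets
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SCALAR_KEYS = {"Target", "Size", "Sample", "Score", "Family", "Version", "Campaign", *HASH_LEN}
LIST_KEYS = {"Decoy"}
SECTION_HEADERS = {"General", "Malware Config", "Extracted", "Targets", "Signatures"}
# Lower-case LDH hostname: labels of 1-63 chars, at least one dot, total <= 253 chars.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}$")


def parse_report(text):
    """Return {'fields': {...}, 'decoys': [...], 'errors': [...]}.

    A scalar key takes the rest of its own line ("Family xloader") or, if that is
    empty, the next non-blank line. A list key collects every non-blank line until
    another known key or section header. The first occurrence of a key wins, so the
    sample-level hashes are kept over the per-target ones that follow.
    """
    lines = [l.strip() for l in text.splitlines()]
    fields, decoys, errors = {}, [], []
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if not line or line in SECTION_HEADERS:
            continue
        key, _, inline = line.partition(" ")
        if key in SCALAR_KEYS:
            value = inline.strip()
            if not value:  # value sits on a later line
                while i < len(lines) and not lines[i]:
                    i += 1
                value = lines[i] if i < len(lines) else ""
                i += 1
            if key in HASH_LEN and not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[key], value):
                errors.append(f"{key}: malformed {value!r}")
            fields.setdefault(key, value)
        elif key in LIST_KEYS:
            while i < len(lines):
                nxt = lines[i]
                if nxt and (nxt.split(" ")[0] in SCALAR_KEYS | LIST_KEYS or nxt in SECTION_HEADERS):
                    break
                i += 1
                if not nxt:
                    continue
                d = nxt.lower()
                if not DOMAIN_RE.match(d):
                    errors.append(f"Decoy: not a domain {nxt!r}")
                elif d not in decoys:  # de-duplicate while preserving order
                    decoys.append(d)
    return {"fields": fields, "decoys": decoys, "errors": errors}


def to_iocs(parsed):
    """Flatten the parsed report into records a SIEM or TI platform can ingest."""
    f = parsed["fields"]
    ctx = f"{f.get('Family', '?')} {f.get('Version', '?')} campaign {f.get('Campaign', '?')}"
    iocs = [{"type": k.lower(), "value": f[k], "context": ctx} for k in HASH_LEN if k in f]
    # The live C2 is indistinguishable from decoys in the extracted list, so every
    # domain goes out as a hunting indicator with its provenance in the context field.
    iocs += [{"type": "domain", "value": d, "context": ctx + " (decoy list)"} for d in parsed["decoys"]]
    return iocs


if __name__ == "__main__":
    result = parse_report(SAMPLE_REPORT)
    print(json.dumps(to_iocs(result), indent=2))
    print("errors:", result["errors"])
```

Feed the whole report text into `parse_report` to get the full 50-domain list; the `errors` list is where a truncated hash or a non-domain line in the decoy block shows up instead of silently becoming an indicator.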

Targets

Target: request for quotation samples No 48576935 96877463.exe
MD5: 6ceb03b6435eefad76639a03a22ce0fb
Filesize: 419KB
Score: 10/10
SHA1: f1a37e2f2cc7de7eed2403af42a446050a6610fd
SHA256: b32579e01c28fc0a157f14ce8c679d02fcd1f5c03f8eef56ba6a77a627786d84
SHA512: 1987f6e1573ace6e6fa2b4c4409e7af1d7db12ab40593c8898a12c135aa0168c7772ae1727072e867311f4bd068a40b49c996102a05f80d5618de0f76d8b330b

Signatures

  • Xloader
    Xloader is a rebranded version of Formbook malware.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • suricata: ET MALWARE FormBook CnC Checkin (POST) M2

  • Xloader Payload

  • Reads user/profile data of web browsers
    Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and form-fill data.
    TTPs: Data from Local System (T1005); Credentials in Files (T1552.001)

  • Suspicious use of SetThreadContext
    Setting another thread's context is a common way to redirect execution into injected code (for example in process hollowing).


MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (the technique cells did not survive extraction; the only technique mappings on this page are the two TTPs listed under Signatures).