General

  • Target

    Payment Advice doc.ace

  • Size

    758KB

  • Sample

    220616-ljsnrschcn

  • MD5

    50a832f10c1488475645f9301d1c9c0f

  • SHA1

    ddd3c4c112d3d43b5ac17281d982a71115179d88

  • SHA256

    530cc2f72a261230798589bb7166f221f77cbd2eff4e12e872128d570a0bb990

  • SHA512

    c84cffc331baa36c412a1ba3d002413e94ce039832ca57aea01b2a842d1eccdfa72883e2a17278ea132161c31358f91dae7778265b87874d83a7633a35843496

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    h4st

  • Decoy

    hawkonline.club
    unitedkingdomvoip.site
    tbrme.com
    ysxol.xyz
    oviagrooming.com
    pokerdominogame.com
    perabett463.com
    orderjoessteaks.com
    sjczyw.com
    christensonbrothers.com
    stanegroupe.com
    residencialseniorspa.com
    eyetechlabs.com
    lens-experts.com
    69988.club
    skateboardlovers.com
    ourhighlandacres.net
    dskensho343.xyz
    dance985.com
    iran-style.com

Targets

    • Target

      Payment Advice doc.exe

    • Size

      849KB

    • MD5

      ca86ee16c51a5081464eb585cf5467e4

    • SHA1

      5b3e6c9006b1d7980700f4ccffbd8d8a5258eb30

    • SHA256

      2d7a273e89f10f65f578ab99082a23aecc948556f8e33a67f1eb9689b1cdc1d3

    • SHA512

      94cc554facaf0c317e123da8dcbd1284688f6d4b077ce990958a05276e4fb9d4c4cec88232004a843ec133300c3d9ddcbed66d4e156928d74bcc5c1f2a81a467

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
