General

  • Target

    SecuriteInfo.com.W32.AIDetectNet.01.1501.6790

  • Size

    382KB

  • Sample

    220616-mqh9caghb2

  • MD5

    69179c129ec075bdad74d208e7514f7e

  • SHA1

    255fbb79b1d201a02d1e905619aa79925d9499f7

  • SHA256

    0ab8978869103e7594108e31a46cb1c7e62cb47ad44ab930fc17ccc2fb57daea

  • SHA512

    c4f263758bc90a148e41a72fd10e7592622fa19f45b16cd2db973c6d37b66af53d7200ba9502137013d8517a258b1d5ed85a68aafbda16877aee1294d80a43ab

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

tn61

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks