General
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.19961.17844
-
Size
448KB
-
Sample
220616-nzkzzaefcj
-
MD5
4cfcb2976dc600ecd5e61ee012d2cf80
-
SHA1
bb6405e828b4f43846e2bf5dcfda7ccad2c204a3
-
SHA256
af734d11eb2809d171ff3e63096cb2cbd38ee44a6e4b9e0ab195498635208598
-
SHA512
9743553db9ce03ba401b14e9c018957b94e6b42ed2cf430432ef2d9fa7343ce1b16439842457465ad1d0960a3ee72881b130f8a35cce06b2e1475e1b2f03d6a2
Malware Config
Extracted
xloader
2.5
r87g
gzjyjzsj.com
rapibest.com
affordablebathroomsbyfrank.net
roboruben.com
xn--dlisucr-byag.com
encoreasso.com
piscire.com
dixiebusybee.com
newrome.xyz
sunshinejon.com
glacierforfcs.xyz
borhanmarket.com
tous-des-cons.club
hsfstea.com
spiniform.info
vaicomfibra.com
shinigami.xyz
kryptoindia.com
listentoappetite.com
securepplpay.com
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.19961.17844
-
Size
448KB
-
MD5
4cfcb2976dc600ecd5e61ee012d2cf80
-
SHA1
bb6405e828b4f43846e2bf5dcfda7ccad2c204a3
-
SHA256
af734d11eb2809d171ff3e63096cb2cbd38ee44a6e4b9e0ab195498635208598
-
SHA512
9743553db9ce03ba401b14e9c018957b94e6b42ed2cf430432ef2d9fa7343ce1b16439842457465ad1d0960a3ee72881b130f8a35cce06b2e1475e1b2f03d6a2
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-