General

  • Target

    7575486141.zip

  • Size

    598KB

  • Sample

    220616-xk1asabbh8

  • MD5

    7a3158853463bd08fc2fb5801278f80e

  • SHA1

    1e269fb699a6f625f81c35baa98b3fc76659ad0a

  • SHA256

    4a658f2a54f6bd1df3d6ef682eac82e7084a293438169af6f9f1f5dd288b3c53

  • SHA512

    73038ed0e590b583005273b0617b3f6a277fb4c1cd1efd64455b07a0b3665ae9e8f4d57b659ec375e7f89747f51835713faf59d8453c1674990b1334b425d05e

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    apju

  • Decoy

    fbqxzz.icu
    kinokosuke.com
    psychosoziale-beratung.com
    covermydreamhome.com
    livingartpodcast.com
    simonavallone.com
    spaedymafra.com
    royzoom.com
    classiccuisinetci.com
    itechnology.tech
    range4tis.com
    rehab-infoweb.net
    rebeccawsapp.com
    azenkabestmid.info
    change0913.com
    efilux.com
    aprendesobre.com
    relokators.com
    reditastore.com
    3424soldbastrophwy.com

Targets

    • Target

      59ff552836be62fb7a7bac7967eb15c7e47b40c23d57c05b2183d819535f556d

    • Size

      976KB

    • MD5

      234b20b7f7acc532a7dba7ec66975eb0

    • SHA1

      19fe0a1987868f24a54cfc5214c509cff9f8691e

    • SHA256

      59ff552836be62fb7a7bac7967eb15c7e47b40c23d57c05b2183d819535f556d

    • SHA512

      33ca4aab26bde5e3e83a28f6531b778e48ebfec90f3118b7938c3abd849169ac74a4d586f76f51bd07254fca52fa283705720ae103ad3d848c5fc90c32db11c3

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks