General

  • Target

    PO 87910219.exe

  • Size

    617KB

  • Sample

    220617-ewx1pache3

  • MD5

    9bd3caa7036364de2477a63affbfc680

  • SHA1

    f79011981755e4bec658a0229676e37e36438818

  • SHA256

    774e7baca6802b4d8cf3df0fd6162e1bac6dbfb5a4e50f09bc2d7c9e166b285e

  • SHA512

    c85b1af5a78a880ea4441473a80814954057a8e3834bfe7396722989859769d1fb623e1f8c79efb6919576b8255cde99c81acbb24fa82f6d00cccb4e5731c046

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

ssmm

Decoy

Targets

    • Formbook

      Formbook is a data-stealing (infostealer) malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Adds policy Run key to start application

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks