General

  • Target

    SecuriteInfo.com.W32.AIDetectNet.01.17604.15051

  • Size

    269KB

  • Sample

    220620-r8qhlaeahk

  • MD5

    19861d87fe26d68455c99bf2f9bbcbd4

  • SHA1

    a6564b4d40554302eaf5b268c1b68ee782106e7f

  • SHA256

    d633761b804b67c96b1b53eef2bc4be89542c95406882f35d2dc12ef24f35885

  • SHA512

    a5abc67d06658f274349f2666ddcda250b53bc488f989553bbd2fc9daac95e828584b62df17627042771cce91e6f871db30d22e29e70fb1b16ea6b3b23ded46b

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

qnse

Decoy

sowellpowertask.site

vitoramsden.site

northaugustaliving.com

meowpawr.com

rockmore.store

luxurytomato.com

jjlbyl.com

cryptonewsmalaysia.com

mylichy.site

apisource.net

soulisouwai.com

smmstreet.com

adevopsisyou.com

unitedairgunners.com

imgcinfo.com

emiratesentrypass.com

flarefashion16.club

vacationtrip.xyz

hotupdatenews.com

nekomedeblog.com
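
The domains under Decoy are the list the sandbox pulled out of the sample's configuration. xloader/FormBook contacts its decoy domains as well as the real C2, so the list is usable as a hunting set: a client that resolves several entries of one sample's list is a much stronger signal than a single hit on a domain that may also be a legitimate site. The script below is an added example, not part of the sandbox report: it takes the report's domain list, matches it label-aware against DNS log lines (the log lines and client addresses are constructed for illustration) and counts distinct decoys per client.

```python
"""Hunt for the decoy domains from the extracted xloader config in DNS logs.

Added example, not part of the sandbox report. The domain list is the
report's; the DNS log lines and client addresses below are constructed.
"""
from collections import defaultdict
from typing import Iterable, Optional

# The 20 decoy domains from the report's Malware Config section.
DECOY_DOMAINS = [
    "sowellpowertask.site", "vitoramsden.site", "northaugustaliving.com",
    "meowpawr.com", "rockmore.store", "luxurytomato.com", "jjlbyl.com",
    "cryptonewsmalaysia.com", "mylichy.site", "apisource.net",
    "soulisouwai.com", "smmstreet.com", "adevopsisyou.com",
    "unitedairgunners.com", "imgcinfo.com", "emiratesentrypass.com",
    "flarefashion16.club", "vacationtrip.xyz", "hotupdatenews.com",
    "nekomedeblog.com",
]

# Constructed DNS log lines: "<epoch> <client-ip> <queried-name>" (a cut-down dns.log).
SAMPLE_DNS_LOG = """\
1655740001.123 10.0.0.12 www.sowellpowertask.site
1655740002.456 10.0.0.12 update.microsoft.com
1655740003.789 10.0.0.44 MEOWPAWR.COM.
1655740004.000 10.0.0.44 notnekomedeblog.com
1655740005.000 10.0.0.12 northaugustaliving.com
"""


def normalize(name: str) -> str:
    """Lower-case and strip a trailing dot so 'MEOWPAWR.COM.' equals 'meowpawr.com'."""
    return name.strip().rstrip(".").lower()


def matches_decoy(query: str, decoys: Iterable[str] = DECOY_DOMAINS) -> Optional[str]:
    """Return the decoy that `query` equals or is a subdomain of, else None.

    Label-aware: 'notnekomedeblog.com' must not match 'nekomedeblog.com',
    while 'www.nekomedeblog.com' must.
    """
    q = normalize(query)
    for decoy in decoys:
        d = normalize(decoy)
        if q == d or q.endswith("." + d):
            return d
    return None


def find_hits(lines: Iterable[str], decoys: Iterable[str] = DECOY_DOMAINS):
    """Return (timestamp, client, decoy) for every log line whose query hits a decoy."""
    decoys = list(decoys)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # header or malformed line
        ts, client, query = parts[:3]
        decoy = matches_decoy(query, decoys)
        if decoy is not None:
            hits.append((ts, client, decoy))
    return hits


def distinct_decoys_per_client(hits) -> dict:
    """Count distinct decoy domains per client; several hits from one host is the stronger signal."""
    seen = defaultdict(set)
    for _ts, client, decoy in hits:
        seen[client].add(decoy)
    return {client: len(d) for client, d in seen.items()}


if __name__ == "__main__":
    hits = find_hits(SAMPLE_DNS_LOG.splitlines())
    for ts, client, decoy in hits:
        print(f"{ts} {client} -> {decoy}")
    print(distinct_decoys_per_client(hits))
```

Feed it real resolver or Zeek dns.log lines reduced to the three fields and treat a client with two or more distinct decoys from the same sample as a triage priority; a single hit still needs a look, since some decoy entries are live legitimate sites.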

Targets

    • Target

      SecuriteInfo.com.W32.AIDetectNet.01.17604.15051

    • Size

      269KB

    • MD5

      19861d87fe26d68455c99bf2f9bbcbd4

    • SHA1

      a6564b4d40554302eaf5b268c1b68ee782106e7f

    • SHA256

      d633761b804b67c96b1b53eef2bc4be89542c95406882f35d2dc12ef24f35885

    • SHA512

      a5abc67d06658f274349f2666ddcda250b53bc488f989553bbd2fc9daac95e828584b62df17627042771cce91e6f871db30d22e29e70fb1b16ea6b3b23ded46b

    • Formbook

      Formbook is an information-stealing malware family: it harvests stored browser credentials, keystrokes, clipboard contents and submitted form data from the infected host and sends them to its C2.

    • Xloader

      Xloader is a rebranded version of the Formbook malware, sold as malware-as-a-service. It keeps Formbook's C2 check-in protocol, which is why the FormBook network signatures below fire on an xloader sample.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • suricata: ET MALWARE FormBook CnC Checkin (POST) M2

    • Xloader Payload

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which holds saved credentials, cookies, autofill form data and browsing history; this signature flags the sample opening those profile files.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Setting another thread's context is how injected code is started in a suspended or hollowed host process; FormBook/Xloader runs its payload inside a legitimate process this way rather than from its own dropped image.
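
The two persistence signatures above (the standard Run key and the policy Run key under Policies\Explorer\Run, which legitimate software rarely uses) are what a responder checks first on a suspect host. The script below is an added example, not part of the sandbox report: it parses a Windows .reg export and lists every string value under either autostart location, marking commands that point into user-writable directories. The export text, value names and paths in it are constructed for illustration and are not taken from this sample.

```python
"""Flag autostart entries in a Windows registry export (.reg text).

Added example, not part of the sandbox report. REG_EXPORT below is a
constructed export; the value names and file paths in it are hypothetical.
"""
import re
from typing import Optional

# Key suffixes the two "Adds ... Run key" signatures refer to (hive-agnostic).
AUTOSTART_KEYS = {
    r"Software\Microsoft\Windows\CurrentVersion\Run": "Run key",
    r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run": "policy Run key",
}

# Directories a non-admin process can write to; autostarts pointing here deserve a closer look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")

# Constructed .reg export, as `reg export HKCU\Software\Microsoft\Windows out.reg` would write it.
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Xx6wqz"="C:\\Users\\user\\AppData\\Roaming\\Xx6wqz\\Xx6wqz.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"1"="C:\\Users\\user\\AppData\\Roaming\\Xx6wqz\\Xx6wqz.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00
"""

_VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def unescape_reg_string(raw: str) -> str:
    """.reg files escape backslash and double quote with a backslash."""
    return raw.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text: str):
    """Return (key_path, value_name, string_value) for every REG_SZ value in the export.

    Non-string data (hex:, dword:) is skipped; only string values can carry a command line.
    """
    entries = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None:
            continue
        m = _VALUE_LINE.match(line)
        if not m:
            continue
        name = m.group(1) if m.group(1) is not None else "(Default)"
        data = m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            entries.append((key, unescape_reg_string(name), unescape_reg_string(data[1:-1])))
    return entries


def autostart_kind(key_path: str) -> Optional[str]:
    """Classify a key path as 'Run key', 'policy Run key' or None (case-insensitive)."""
    lowered = key_path.lower()
    for suffix, kind in AUTOSTART_KEYS.items():
        if lowered.endswith(suffix.lower()):
            return kind
    return None


def find_autostarts(text: str):
    """List every autostart value in the export with the key type and a user-writable-path flag."""
    findings = []
    for key, name, value in parse_reg_export(text):
        kind = autostart_kind(key)
        if kind is None:
            continue
        findings.append({
            "kind": kind,
            "key": key,
            "name": name,
            "command": value,
            "user_writable_path": any(tok in value.lower() for tok in USER_WRITABLE),
        })
    return findings


if __name__ == "__main__":
    for f in find_autostarts(REG_EXPORT):
        flag = " [user-writable path]" if f["user_writable_path"] else ""
        print(f'{f["kind"]}: {f["name"]} = {f["command"]}{flag}')
```

The user-writable flag is a review aid, not a verdict: legitimate per-user software such as OneDrive also starts from AppData, so compare each flagged command against the dropped-file list and hashes in a report like this one. Any value under the policy Run key is worth explaining regardless of path.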

MITRE ATT&CK Enterprise v6

Tasks