General

  • Target

    280da9d0c01f708c83ea8bdf475656e81251dfa00567a5752e5dc950c808fbc6

  • Size

    668KB

  • Sample

    220620-w1zhrahfdm

  • MD5

    4869d38655b6f558f32bb139e79bfc24

  • SHA1

    d8b2c3170738dc2549423be7b2d97b3aa3c4ac46

  • SHA256

    280da9d0c01f708c83ea8bdf475656e81251dfa00567a5752e5dc950c808fbc6

  • SHA512

    cbfc7b4cc2913cd87f7ddec10e89315fc78d6cd2dd965792c70cc25f9586aa3c0e5d5deefc197f6172e8e9f813dcc6f1e3c61f9208991f3bf685649fbc3e5c1c

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    n86i

  • Decoy

    purpose-guide.com
    averyshairco.com
    blockchain-365.com
    jismlmuu.icu
    famosobambino.com
    firstclasstruckingny.com
    oracleoftheinternet.com
    alliesdispatchlogistics.com
    salten2.com
    bfactivator.com
    jgc40.com
    nanninghao.com
    eigorilla.info
    predies.com
    dmzg-cn.net
    registratetexas.com
    maxifina-aprovado.com
    mdqqy-dliv.xyz
    annurenterprise.com
    dongtrunghathaovanphuc.com
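The domains above are the decoy list as extracted from the sample's configuration. The following is an added example, not part of this report and not Xloader's own code, of turning that list into a retro-hunt over web proxy logs. The space-separated log format, the sample lines, and the assumption that the campaign identifier shows up as a path segment in the check-in request are all constructed for illustration; matching is done on the host and its subdomains rather than by substring, so a lookalike such as `notpredies.com` does not produce a false hit.

```python
import re

# Decoy domains and campaign identifier exactly as extracted in the report above.
DECOY_DOMAINS = {
    "purpose-guide.com", "averyshairco.com", "blockchain-365.com", "jismlmuu.icu",
    "famosobambino.com", "firstclasstruckingny.com", "oracleoftheinternet.com",
    "alliesdispatchlogistics.com", "salten2.com", "bfactivator.com", "jgc40.com",
    "nanninghao.com", "eigorilla.info", "predies.com", "dmzg-cn.net",
    "registratetexas.com", "maxifina-aprovado.com", "mdqqy-dliv.xyz",
    "annurenterprise.com", "dongtrunghathaovanphuc.com",
}
CAMPAIGN_ID = "n86i"

# Constructed sample proxy log (not from the report). Hypothetical format:
# "<timestamp> <source ip> <destination host> <method> <uri>".
SAMPLE_LOG = """\
2022-06-20T10:01:03Z 10.0.0.12 www.example.com GET /index.html
2022-06-20T10:01:09Z 10.0.0.12 mail.averyshairco.com GET /n86i/?abc=ZGVtbw
2022-06-20T10:01:10Z 10.0.0.12 cdn.example.org GET /static/app.js
2022-06-20T10:01:12Z 10.0.0.12 predies.com POST /n86i/
2022-06-20T10:01:20Z 10.0.0.40 notpredies.com GET /
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<host>\S+)\s+(?P<method>\S+)\s+(?P<uri>\S+)$"
)


def host_matches(host, domains):
    """True if host is one of the listed domains or a subdomain of one.

    Compares whole labels: 'mail.averyshairco.com' matches 'averyshairco.com',
    but 'notpredies.com' does not match 'predies.com'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def find_hits(log_text, domains=DECOY_DOMAINS, campaign=CAMPAIGN_ID):
    """Return parsed log records whose destination host is a listed domain.

    Each record also gets 'campaign_in_uri', an assumed secondary indicator:
    whether '/<campaign>/' appears as a path segment of the request.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        rec = m.groupdict()
        if not host_matches(rec["host"], domains):
            continue
        rec["campaign_in_uri"] = f"/{campaign}/" in rec["uri"]
        hits.append(rec)
    return hits


def affected_sources(hits):
    """Sorted list of distinct source IPs that contacted a listed domain."""
    return sorted({h["src"] for h in hits})


if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        print(h["ts"], h["src"], "->", h["host"], h["uri"],
              "(campaign id in path)" if h["campaign_in_uri"] else "")
    print("hosts to triage:", affected_sources(SAMPLE_LOG and find_hits(SAMPLE_LOG)))
```

A hit on any of these domains means the client made a request to a domain carried in this sample's configuration; because the report labels them decoys, a single hit identifies a host worth triaging rather than the live C2, and the campaign-in-path check is a convention assumed here, not something the report states.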

Targets

    • Target

      Payment receipt MT103.exe

    • Size

      771KB

    • MD5

      1bd8c23e84f9fb7e855e5673ee0a0a0f

    • SHA1

      983121d3c3066278808579a850751610129c7491

    • SHA256

      1cfad5d1e12e19a54ba17a9e1abf882651930d6feea5836e3da45680d941dc1a

    • SHA512

      1257ed682553f906a8a953f05689cb4ac75c27aed85437ba693acebd6f320df55090fb7b2e0fe2982f24f164e957ecc8ef4de70ac39223ebfbe91c7cc66838b1

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Suspicious use of SetThreadContext

      SetThreadContext lets one process rewrite the register state of a thread in another process, a step commonly used to redirect execution to injected code.
