General

  • Target: tmp
  • Size: 510KB
  • Sample: 220620-wvxrzabeg4
  • MD5: f4d2e38d770585564ad341312df5878b
  • SHA1: 11de5c089ffad75ec2322d5a45e869f8340b651a
  • SHA256: 28ce8117bb43173598827978edede21b263bf7e432fb4c2602ca3e6f1032a236
  • SHA512: 89ee06b556c4c9bcfe07654909578b24d2183c67617c5bc67a2769efba9ebf15f34f975dfbdf7620d680737a9f03fdfe2c0663a16c49484d58708dcb266d201f

Malware Config

Extracted

  • Family: xloader
  • Version: 2.6
  • Campaign: ip4t
  • Decoy

Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • suricata: ET MALWARE FormBook CnC Checkin (GET)
    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext
