General
-
Target
tmp
-
Size
273KB
-
Sample
220620-wza4rsbfh9
-
MD5
c52ecabaed16aba5fac89d694e7508dc
-
SHA1
492c8828a332dbcc0f68d5ee5b17d9ae994b48c4
-
SHA256
276c6876c250e5ebfd761d05937f5a48f7e4c9a6851293a77ab9bf683c8bbf80
-
SHA512
e8ab6c6c0388f879ba9b2a5628ba1d21b2a21c4c4d99dde017596e8107e5a439b840bc4e751e1af6444fd56046d7a567363aa1edb19d8094329c4324147d777f
Malware Config
Extracted
xloader
2.6
vweq
malang-media.com
mrsfence.com
lubetops.com
aitimedia.net
montecryptocapital.com
ahwmedia.com
bvmnc.site
bggearstore.com
bcsantacoloma.online
alltimephotography.com
santacruz-roofings.com
leaplifestyleenterprises.com
censovet.com
similkameenfarms.com
undisclosed.email
thetrinityco.com
rapiturs.com
jedlersdorf.info
mh7jk12e.xyz
flygurlblogwordpress.com
Targets
-
-
Target
tmp
-
Size
273KB
-
MD5
c52ecabaed16aba5fac89d694e7508dc
-
SHA1
492c8828a332dbcc0f68d5ee5b17d9ae994b48c4
-
SHA256
276c6876c250e5ebfd761d05937f5a48f7e4c9a6851293a77ab9bf683c8bbf80
-
SHA512
e8ab6c6c0388f879ba9b2a5628ba1d21b2a21c4c4d99dde017596e8107e5a439b840bc4e751e1af6444fd56046d7a567363aa1edb19d8094329c4324147d777f
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-