General

  • Target: dedd91e881caaba1ed1b895594b9d7c1.bin
  • Size: 455KB
  • Sample: 220621-dgqgmahggn
  • MD5: dedd91e881caaba1ed1b895594b9d7c1
  • SHA1: 5b767dd84b395507830260e0b4860b251917f514
  • SHA256: 599be6a84953ba867aeb689c7ed72490de7c3e9abfa864846fe926f9f1a04bfb
  • SHA512: 0934355bf98d7dbe076c17f522a5809e3b286f3af635fd50b351fcfb526134377f695950beeabf7835de5c58853aaee041a103a749e26facf911eadb5a74cd45

Malware Config

Extracted

Family: xloader

Version: 2.5

Campaign: p89m

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Suspicious use of SetThreadContext
