General

  • Target

    92c2a317c5f1340fe40e847fd4a290b5.bin

  • Size

    227KB

  • Sample

    220621-dgslzshghl

  • MD5

    92c2a317c5f1340fe40e847fd4a290b5

  • SHA1

    20e4237c39443b999e176caaa799a9c840416934

  • SHA256

    967e80c11920ba196e5be5fa18e8df97cb351d12c7c219fe95ff644d29742c92

  • SHA512

    55196962ba58b27f06fba8e482675a6e5d876a0edfd7fd4e7846c5020dda27c3c49e9fa725b56406438ca21a8847b82dad7a656f8a1c16c4f9017cb446dedf60

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.6

  • Campaign

    tchu

  • Decoy

    yenelle.com
    omasex-filmpjes.com
    canthonailgap.com
    zidualz.com
    jbc0lb.com
    fusersing.com
    xn--ehq408h.top
    localsongwriters.com
    wyzforwork.com
    mycapitaldistricthomevalue.com
    downtownsmminiblue.com
    13640271161.com
    fernandabragoni.com
    goleanscape.com
    e98858.com
    drezuis.com
    drispartyoficial.com
    bar-tees.com
    digitalayushman.online
    balilishop.com

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • suricata: ET MALWARE FormBook CnC Checkin (POST) M2

    • Xloader Payload

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks