General

  • Target

    NEW PO 87910219.exe

  • Size

    622KB

  • Sample

    220621-gxledsebg2

  • MD5

    7d134d7411132c648a3e8c96b6512ddb

  • SHA1

    ac36a8371466aa2cc72dd8de3d82c8ee79223358

  • SHA256

    6754c12fc6c245becc9c5104eb4c130ee31217a4a8cdee324f468c2c26b4e051

  • SHA512

    e27e1ad2543efead629e66a580be1cf4a8712c695d2d778c55cc93c6b3c870dd680040f318f1309f0d685352da5bfae8797fa02aa1f4cf8a1a07aeb7e4cc0550

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.6

  • Campaign

    be3s

  • Decoy

    aoxaswa.info
    souplab-graphic.com
    churchontheisland.com
    spclassic-cars.com
    stanford-edu.club
    heydowm.online
    chattanooga-electricians.com
    sectsk.com
    cxg98.com
    buildafricaonline.net
    buydogcoin.com
    vsst247.com
    lodgelastrancas.com
    ainonaho.com
    griousndwarehsftyfs.xyz
    voltagestabilizersupply.com
    xn--79q565dzfex9hg81b.com
    isrvr-ccrforum.info
    chitiandi.com
    criticaldisco.com

Targets

    • Target

      NEW PO 87910219.exe

    • Size

      622KB

    • MD5

      7d134d7411132c648a3e8c96b6512ddb

    • SHA1

      ac36a8371466aa2cc72dd8de3d82c8ee79223358

    • SHA256

      6754c12fc6c245becc9c5104eb4c130ee31217a4a8cdee324f468c2c26b4e051

    • SHA512

      e27e1ad2543efead629e66a580be1cf4a8712c695d2d778c55cc93c6b3c870dd680040f318f1309f0d685352da5bfae8797fa02aa1f4cf8a1a07aeb7e4cc0550

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks