General

  • Target

    b8cef7577e09d894f2136407634962aa9574f00c3c09651cafeffbed4e9b220a

  • Size

    370KB

  • Sample

    220621-haavtaecc2

  • MD5

    1d93fbbb1895e55356b63fd37073ef62

  • SHA1

    994616598f9657eac8c3ebf8ce013aa3dc457864

  • SHA256

    b8cef7577e09d894f2136407634962aa9574f00c3c09651cafeffbed4e9b220a

  • SHA512

    56af7465c21d7ef8a4bd75696b90a17c79acbddbdf0c04134e64ed5b767d3e9acdabd062ef5b41844e57defad23ce26e8073b53cd0d6efac6bad2fd8dd3594de

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

mt88

Decoy

syzbf32.xyz

pertlines.com

vybaveniprocyklostezky.com

elianmsalas.tech

a-snag-tokei-kaitori.com

tuvistaing.com

whoyoucall.net

l8e9gr.xyz

sophrologuemontevrain77.com

ciclean.com

the-roel.com

campgreencove.com

foremostbookkeeping.com

zamanscorner.com

efeturozemniyet.com

penelope.team

murata.life

solfuls.com

tradefitinvesting.com

skinbid.pro

Targets

    • Target

      b8cef7577e09d894f2136407634962aa9574f00c3c09651cafeffbed4e9b220a

    • Size

      370KB

    • MD5

      1d93fbbb1895e55356b63fd37073ef62

    • SHA1

      994616598f9657eac8c3ebf8ce013aa3dc457864

    • SHA256

      b8cef7577e09d894f2136407634962aa9574f00c3c09651cafeffbed4e9b220a

    • SHA512

      56af7465c21d7ef8a4bd75696b90a17c79acbddbdf0c04134e64ed5b767d3e9acdabd062ef5b41844e57defad23ce26e8073b53cd0d6efac6bad2fd8dd3594de

    • Xloader

      Xloader is the rebranded successor of the Formbook infostealer. The extracted config above (family, version, campaign ID and the domain list marked Decoy) is the Formbook-style configuration: the loader beacons to its real C2 and to randomly chosen decoys from that list, so the domains are a campaign fingerprint rather than a clean block list.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      Emerging Threats rule that fired on the HTTP GET check-in to the C2. Xloader kept Formbook's check-in format, which is why a FormBook rule matches an Xloader sample.

    • Xloader Payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state and is a process injection primitive (ATT&CK T1055). Xloader, like Formbook, injects itself into legitimate Windows processes rather than running from the dropped executable, so the injected process, not this file, is what generates the C2 traffic.
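As an added example (not part of the Triage report or of any Hatching tooling), the script below does the two things an analyst does with a page like this: check that the file in hand is the sample the report describes, and turn the extracted config into tagged indicators. The hash and config values in REPORT are copied from the page; the sample bytes and the shortened decoy list are constructed stand-ins, and the rule msg and sid scheme are this example's own choice.

```python
"""Cross-check a local sample against a Triage report and emit tagged IOCs.
Added example; the real 370KB file and the full decoy list from the page
should replace the constructed placeholders below."""
import hashlib
import re

# Constructed placeholder, NOT the real sample: any comparison against the
# report hashes is expected to fail for it.
SAMPLE_BYTES = b"MZ\x90\x00constructed placeholder, not the real sample"

# Values copied from the report (General / Malware Config); decoy list cut to four.
REPORT = {
    "sha256": "b8cef7577e09d894f2136407634962aa9574f00c3c09651cafeffbed4e9b220a",
    "md5": "1d93fbbb1895e55356b63fd37073ef62",
    "sha1": "994616598f9657eac8c3ebf8ce013aa3dc457864",
    "family": "xloader",
    "version": "2.6",
    "campaign": "mt88",
    "decoy": ["syzbf32.xyz", "pertlines.com", "penelope.team", "skinbid.pro"],
}

# Hex length of each digest the report lists; used to catch truncated copies.
EXPECTED_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Bare hostname: labels of 1-63 chars, total length <= 253, alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def digests(data: bytes) -> dict:
    """Compute the four digests a Triage report lists, lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in EXPECTED_LEN}


def check_report(data: bytes, report: dict) -> list:
    """Return problems found: malformed hash fields in the report, and
    algorithms where the local file does not match the report."""
    problems = []
    local = digests(data)
    for alg, length in EXPECTED_LEN.items():
        value = report.get(alg)
        if value is None:
            continue  # field absent from this copy of the report
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, value.lower()):
            problems.append(f"{alg}: malformed value in report")
        elif local[alg] != value.lower():
            problems.append(f"{alg}: local file differs from report")
    return problems


def normalise_decoys(domains) -> list:
    """Lower-case, trim, drop duplicates and anything that is not a hostname."""
    seen, out = set(), []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if d and d not in seen and DOMAIN_RE.match(d):
            seen.add(d)
            out.append(d)
    return out


def suricata_dns_rules(report: dict, base_sid: int = 9000000) -> list:
    """One exact-match DNS query alert per decoy domain (bsize pins the length).
    The msg carries family, version, campaign and the word 'decoy' because
    Formbook/Xloader queries decoys alongside its real C2: a hit attributes the
    campaign, it does not confirm which domain is the live C2."""
    tag = f"{report['family']} {report['version']} campaign {report['campaign']}"
    rules = []
    for i, domain in enumerate(normalise_decoys(report["decoy"])):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"{tag} decoy domain {domain}"; '
            f'dns.query; content:"{domain}"; nocase; bsize:{len(domain)}; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for p in check_report(SAMPLE_BYTES, REPORT) or ["all listed hashes match"]:
        print(p)
    print("\n".join(suricata_dns_rules(REPORT)))
```

Run it against the real file by replacing SAMPLE_BYTES with the file's contents; an empty problem list means the report's findings apply to the file you hold. The generated rules are deliberately exact-match and labelled as decoy, so they can be loaded for attribution without being mistaken for a C2 block list.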
