General

  • Target

    tmp

  • Size

    561KB

  • Sample

    220621-httf9sedb6

  • MD5

    ca6d72983949be70d6aa4517a6b68860

  • SHA1

    8758f924b08fae4c5d7025724f96034bb188b4bf

  • SHA256

    38134fe55100f4b90d1522f444547f670c8e197754d84ec0c83fe22bc352c22e

  • SHA512

    8d5e7957e5c55c6debf612ed0d04681a681f21d5a5cd77d3fc314ff790e5c2e8aaae24d16524e89014b0ef97c6464b84018c3e88bb6bd541511728b691729f1d

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.6

  • Campaign

    nq06

  • Decoy

    theoshoverseer.com
    p62q55a6.xyz
    patriottease.top
    lipintong.xyz
    acinstallationamc.services
    colinoccam.com
    54stanleyaveunit1.com
    penggacoranbluebird.com
    999888000.com
    mykidschoice.net
    tjxjlk.online
    lhab.xyz
    businesscoach.info
    halsupduck.website
    sibutra.club
    deepinthebayou.com
    bigiiz.com
    passthrubrokerage.com
    metaprideland.xyz
    yopalab.com

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Suspicious use of SetThreadContext