General

  • Target

    Shipping Documents.exe

  • Size

    682KB

  • Sample

    220621-hxmswscbap

  • MD5

    c64c0beab3c9f90e245fe3b579e6ace9

  • SHA1

    e7d007829dfe83b8d05b50b21b0cde655f966234

  • SHA256

    6d7cae2e6900b4498dc7531835fa27a6cb76f8dfd2b3c466a1d47f7a2f479706

  • SHA512

    9ef85af52dcdf5c064de6559c1085e41359d1e9a1318209554097aa9934ea3cc438cd1b312e3ebbcbe4b889c5d3420ea2ee63926f296072a20ac82a45e602dc6

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.6

  • Campaign

    gwsr

  • Decoy


Targets


    • Formbook

      Formbook is a data-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Deletes itself

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
