General
-
Target
8ea9e71562afe3c89c89eb710410534f
-
Size
75KB
-
Sample
220621-r9sdksggg8
-
MD5
8ea9e71562afe3c89c89eb710410534f
-
SHA1
a3748535b8a396c1145e8c1db9d3a58205b0a19b
-
SHA256
616002c7b51a2776782788b5b4dade1dddf4bc3d1be684fd92f6e9b0f7368576
-
SHA512
77ed75fdef1826006f5ad36ff953361ea82e351004224c0e8adce2b41a5311d6ad2243eaa1a103ffee68ecb77318fba7a69fbaf9e1b30d566028c0909ea0ff68
Malware Config
Extracted
xloader
2.5
r87g
gzjyjzsj.com
rapibest.com
affordablebathroomsbyfrank.net
roboruben.com
xn--dlisucr-byag.com
encoreasso.com
piscire.com
dixiebusybee.com
newrome.xyz
sunshinejon.com
glacierforfcs.xyz
borhanmarket.com
tous-des-cons.club
hsfstea.com
spiniform.info
vaicomfibra.com
shinigami.xyz
kryptoindia.com
listentoappetite.com
securepplpay.com
Targets
-
-
Target
swift_5466535-9868655_45456.xlsx
-
Size
52KB
-
MD5
a96ddbe347e32231c69661c2378b6f8f
-
SHA1
08121d6e2283c1369fc68c5a16570286895d5df0
-
SHA256
18b9c1cf9230f3c1d68056d6c17e050548ab2d62e545ba3063bb03777383e9bf
-
SHA512
8a61b2452671b8e2a54bf968360f5a377ecfef798a634463cdf7e9102980a339409c19b0f9e386b111007a6581e851556d0b150e44725aa23c1fcdf22e20fa86
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Xloader Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-