General

  • Target

    New order 07,06,2022.exe

  • Size

    626KB

  • Sample

    220706-kgetfsaffn

  • MD5

    1287d9ae257300407cf7490872764eab

  • SHA1

    b71bc21b67a5b1031ed873b02e54726394c90060

  • SHA256

    f6db3a2b3160b40742b164c6bbe0496368f4fc52d1a16757a49d023f5189b428

  • SHA512

    4ebd21f597a8c5025216aa44df4d44afeaadb16729cf049b95a329ebd0d47def09c5fbd9f518dd0560101ffe5c30405f6ecf13e9502841bfcf8c52332ee8d13e

Malware Config

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Xloader Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1