General

  • Target

    cae9a0644fd5cc322d7507cb395211a8af890df841bcd028f56e77399ada378b

  • Size

    234KB

  • Sample

    220706-p8metsfaa3

  • MD5

    1fc1fea1f0894c6e97a0b3a4a1b07566

  • SHA1

    240f0ae84d5a5befe322317f8471d3e127a89d93

  • SHA256

    cae9a0644fd5cc322d7507cb395211a8af890df841bcd028f56e77399ada378b

  • SHA512

    c9865285bc1b5db73915159eb87c00a8ece16934722429e54477f4e30282f33af0cb1986bccb53f393132ec1ad743b1b2761ee7a3652c312f1849c200b83eb88

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

vweq

Decoy

malang-media.com

mrsfence.com

lubetops.com

aitimedia.net

montecryptocapital.com

ahwmedia.com

bvmnc.site

bggearstore.com

bcsantacoloma.online

alltimephotography.com

santacruz-roofings.com

leaplifestyleenterprises.com

censovet.com

similkameenfarms.com

undisclosed.email

thetrinityco.com

rapiturs.com

jedlersdorf.info

mh7jk12e.xyz

flygurlblogwordpress.com
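The hashes and decoy domains listed above are the indicators a responder would actually carry into a hunt. The Python helpers below are an added example, not tooling from the sandbox vendor or from this report: they copy the report's digests and decoy list into a watchlist, hash a candidate file with the same four algorithms, and scan DNS log lines for queries to any listed domain or one of its subdomains. The DNS log format and the sample log lines are constructed for the example. One caveat a practitioner should keep in mind: Formbook/XLoader configurations pad the real command-and-control host with decoy domains, and several entries in a decoy list are ordinary legitimate sites, so a single DNS hit against this list is a weak signal that needs correlation with host-side behaviour rather than an automatic block.

```python
"""IOC triage helpers built from the indicators in this report.

Added example, not tooling from the sandbox vendor or from this report.
Hashes and decoy domains are copied from the report; the DNS log format
and the sample log lines are constructed for the example.
"""
import hashlib
import re
from typing import Dict, Iterable, List

# File hashes the report lists for this sample.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "1fc1fea1f0894c6e97a0b3a4a1b07566",
    "sha1": "240f0ae84d5a5befe322317f8471d3e127a89d93",
    "sha256": "cae9a0644fd5cc322d7507cb395211a8af890df841bcd028f56e77399ada378b",
    "sha512": "c9865285bc1b5db73915159eb87c00a8ece16934722429e54477f4e30282f33a"
              "f0cb1986bccb53f393132ec1ad743b1b2761ee7a3652c312f1849c200b83eb88",
}

# Decoy domains from the extracted config. The real C2 is hidden among
# decoys in this family, so treat matches as low confidence on their own.
DECOY_DOMAINS: List[str] = [
    "malang-media.com", "mrsfence.com", "lubetops.com", "aitimedia.net",
    "montecryptocapital.com", "ahwmedia.com", "bvmnc.site", "bggearstore.com",
    "bcsantacoloma.online", "alltimephotography.com", "santacruz-roofings.com",
    "leaplifestyleenterprises.com", "censovet.com", "similkameenfarms.com",
    "undisclosed.email", "thetrinityco.com", "rapiturs.com", "jedlersdorf.info",
    "mh7jk12e.xyz", "flygurlblogwordpress.com",
]


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory blob with every algorithm the report uses."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digest a file in chunks so large samples do not need to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in SAMPLE_HASHES}
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {algo: hasher.hexdigest() for algo, hasher in hashers.items()}


def matching_algorithms(digests: Dict[str, str], known: Dict[str, str]) -> List[str]:
    """Return the algorithms for which the computed digest equals the known IOC."""
    return sorted(
        algo for algo, value in digests.items()
        if known.get(algo, "").lower() == value.lower()
    )


def normalize_domain(name: str) -> str:
    """Lower-case and strip the trailing dot DNS resolvers often log."""
    return name.strip().rstrip(".").lower()


WATCHLIST = {normalize_domain(d) for d in DECOY_DOMAINS}


def domain_hits(qname: str) -> bool:
    """True if the query name is a listed domain or a subdomain of one.

    Checks every suffix, so www.mrsfence.com matches mrsfence.com but
    notmrsfence.com does not (a substring search would wrongly match it).
    """
    labels = normalize_domain(qname).split(".")
    return any(".".join(labels[i:]) in WATCHLIST for i in range(len(labels)))


# Constructed log format for the example: "<timestamp> <host> query <qname>".
DNS_LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) query (?P<qname>\S+)$")


def scan_dns_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per log line whose query name is on the watchlist."""
    hits = []
    for line in lines:
        match = DNS_LINE.match(line.strip())
        if match and domain_hits(match["qname"]):
            hits.append({"ts": match["ts"], "host": match["host"],
                         "qname": normalize_domain(match["qname"])})
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_DNS_LOG = [
    "2022-07-06T10:00:01Z ws-17 query www.mrsfence.com.",
    "2022-07-06T10:00:02Z ws-17 query update.microsoft.com.",
    "2022-07-06T10:00:03Z ws-42 query MH7JK12E.XYZ",
    "2022-07-06T10:00:04Z ws-42 query notmrsfence.com",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{hit['ts']} {hit['host']} queried decoy/C2 candidate {hit['qname']}")
    print("file digests match report:",
          matching_algorithms(hash_bytes(b"constructed placeholder"), SAMPLE_HASHES))
```

`hash_file` is what you would point at a quarantined binary; `hash_bytes` exists so the logic can be exercised without a sample on disk. The suffix walk in `domain_hits` is deliberate: a naive substring match on a short list like this one produces false hits on look-alike names, and in a family that already mixes legitimate decoys into its config that noise is the last thing a triage queue needs.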

Targets

    • Target

      cae9a0644fd5cc322d7507cb395211a8af890df841bcd028f56e77399ada378b

    • Size

      234KB

    • MD5

      1fc1fea1f0894c6e97a0b3a4a1b07566

    • SHA1

      240f0ae84d5a5befe322317f8471d3e127a89d93

    • SHA256

      cae9a0644fd5cc322d7507cb395211a8af890df841bcd028f56e77399ada378b

    • SHA512

      c9865285bc1b5db73915159eb87c00a8ece16934722429e54477f4e30282f33af0cb1986bccb53f393132ec1ad743b1b2761ee7a3652c312f1849c200b83eb88

    • Xloader

      Xloader is the rebranded successor of the Formbook infostealer; the Suricata signatures below still carry the FormBook name because the check-in traffic they match was not changed by the rebrand.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • suricata: ET MALWARE FormBook CnC Checkin (POST) M2

    • Xloader Payload

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread the caller controls; used against a thread in another process it is a common step for redirecting execution into injected code.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), count 1

  • Credential Access: Credentials in Files (T1081), count 1

  • Discovery: Query Registry (T1012), count 1

  • Discovery: System Information Discovery (T1082), count 1

  • Collection: Data from Local System (T1005), count 1

Note that the matrix is mapped against ATT&CK v6; T1081 was later deprecated and folded into T1552.001 (Unsecured Credentials: Credentials In Files), so map it accordingly when importing into tooling that uses a current ATT&CK release.
