General

  • Target

    Nova lista narudzbi.zip

  • Size

    436KB

  • Sample

    230116-lm7xvsgh8w

  • MD5

    9940f34eca440b378aacc988e6e2957d

  • SHA1

    134cb13aff34e97a32af1bc25c6de8f29f689723

  • SHA256

    515220a965afb074cc2e1fc3b2dda94756cb294207c622092bb8e43407ef83a8

  • SHA512

    0ed43c7848ebe1a9ab1fe0081f7b271377b6a2dcefc19e57f8fbd4f89cad1a84a4f9b851588f0cd6ab802bdda3825468cd0d78fd027d677284c6b7dfd78d175b

  • SSDEEP

    12288:bbI/952XDPHhysMBB5xJL1DG8g+9MA6MU9:bs6vjMhPL1DQ+9AMi

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

    • Target

      Nova lista narudzbi.exe

    • Size

      816KB

    • MD5

      c913939da5213c631b70b06fa61eae28

    • SHA1

      28d2f9a5f12be6d61b85f5a5d6187e01f0ae284c

    • SHA256

      4b382c5497bb61b9cc4189101e9595a031f37db9fa712b61cdc4a60f59bff8b4

    • SHA512

      271be8d2ed70e93b16ae7a68e72b93252b6e9164f53d286014e371e801a268d650f484e1a19c1afd85abbd68c8f4718c11dc0c2c19ca64e849434d10fb476e49

    • SSDEEP

      12288:hvTirPykFC+EQpA7EOiidyVMmfP8DspvZFVphCF807ldv8gjwowEl52joHDL4wk:aPVFn/A7vsV/f6MvvV+maHN5RA

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • ModiLoader Second Stage

    • Xloader payload

    • Blocklisted process makes network request

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks