General
-
Target
0383726352632323.exe
-
Size
699KB
-
Sample
230718-n8lmvshh53
-
MD5
ab6099d4923edd6c0bf705802b0dffb4
-
SHA1
553db1a7e3ab38ec9cfeee4cb5dc5776c3b9900d
-
SHA256
d4c465f27047a494b15d0cd45c9506d7e8acafb93d02b2acf601b7b36599d1af
-
SHA512
124845a7390da0010403c5ed502ce05d78c3774ecea1c6510961e437b639ef15b22b604f9234781fe974d57be3e25fdc87b2889e26dce77a022ec3e86694177b
-
SSDEEP
12288:hhlRos7bQ9K8xBX9d7JD66ibw2zUoR+g2jm4QOUR4RC7AQ2:hfbb2Bb7VRibwlg2jm4QOZo8Q
Malware Config
Extracted
xloader
2.6
uj3c
copimetro.com
choonchain.com
luxxwireless.com
fashionweekofcincinnati.com
campingshare.net
suncochina.com
kidsfundoor.com
testingnyc.co
lovesoe.com
vehiclesbeenrecord.com
socialpearmarketing.com
maxproductdji.com
getallarticle.online
forummind.com
arenamarenostrum.com
trisuaka.xyz
designgamagazine.com
chateaulehotel.com
huangse5.com
esginvestment.tech
Targets
-
-
Target
0383726352632323.exe
-
Size
699KB
-
MD5
ab6099d4923edd6c0bf705802b0dffb4
-
SHA1
553db1a7e3ab38ec9cfeee4cb5dc5776c3b9900d
-
SHA256
d4c465f27047a494b15d0cd45c9506d7e8acafb93d02b2acf601b7b36599d1af
-
SHA512
124845a7390da0010403c5ed502ce05d78c3774ecea1c6510961e437b639ef15b22b604f9234781fe974d57be3e25fdc87b2889e26dce77a022ec3e86694177b
-
SSDEEP
12288:hhlRos7bQ9K8xBX9d7JD66ibw2zUoR+g2jm4QOUR4RC7AQ2:hfbb2Bb7VRibwlg2jm4QOZo8Q
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
ModiLoader Second Stage
-
Xloader payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-