General

  • Target

    2e29d2fbc9f39750bca375f2d16fd025

  • Size

    1.1MB

  • Sample

    231221-31f5qsfch8

  • MD5

    2e29d2fbc9f39750bca375f2d16fd025

  • SHA1

    202c0f0a3c36e44d23ccbc9263b0713eec2938fe

  • SHA256

    c3b1c85c689dac9728d945c6584351c77e168321e8914bd90254dcc00c4993ea

  • SHA512

    9612335316aa6dcb8f3d7b4a2fa0098ab1dcfb53f3f716120bbe0a28cd158a2f35f2e955c2649a7a97a77bc56e15c926092e8c18ca278d64ab9ab2d758f4903b

  • SSDEEP

    24576:ncYOnMZe/oeLjLZ4A6DRxsc9KWrhgZdGR4:nbOnM0AAjLZlCCRlf

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b0ar

Decoy

fbadformula.com

appdios.com

guyhoquet-immobilier-drancy.com

pokerwiro.com

maxwellhospitaljaipur.com

88n9.com

bennypc.com

corcoranconsult.com

cuidatusaludcuidatucasa.com

motlakfitnes.com

laurahurricanerelief.com

nostacktofullstack.com

privsec-mail.com

andalusaihealth.com

doosanmodelhouse.com

quickbookaccountingpro.com

falconrysouk.com

vnielvmdqxk538.xyz

asshop.space

mhscdnv1.club
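The decoy list above is how Xloader (like Formbook) hides its real C2: the extracted config names many domains, the bot beacons to several of them, and only one is the operator's server. Matching these against DNS telemetry is the obvious use of the list, but a naive suffix match false-positives on look-alikes, and a single hit on an ordinary-looking decoy is weak evidence. The script below is an added example, not part of the sandbox output: it normalizes query names, matches label-wise against the list exactly as extracted, and only escalates endpoints that touched more than one entry of the list. The log format and the log lines are constructed for the example.

```python
"""Added example: match DNS-log hostnames against the decoy-domain list in the
extracted Xloader config above. This is not sandbox output; the log format and
the log lines below are constructed for the example."""
import re
from collections import defaultdict
from typing import Optional

# Decoy domains exactly as listed in the extracted config of this report.
DECOY_DOMAINS = frozenset({
    "fbadformula.com", "appdios.com", "guyhoquet-immobilier-drancy.com",
    "pokerwiro.com", "maxwellhospitaljaipur.com", "88n9.com", "bennypc.com",
    "corcoranconsult.com", "cuidatusaludcuidatucasa.com", "motlakfitnes.com",
    "laurahurricanerelief.com", "nostacktofullstack.com", "privsec-mail.com",
    "andalusaihealth.com", "doosanmodelhouse.com", "quickbookaccountingpro.com",
    "falconrysouk.com", "vnielvmdqxk538.xyz", "asshop.space", "mhscdnv1.club",
})

# Constructed log lines (hypothetical format: <ts> <endpoint> dns query <qname> <type>).
SAMPLE_DNS_LOG = """\
2023-12-21T10:01:02Z WS-0114 dns query www.fbadformula.com A
2023-12-21T10:01:05Z WS-0114 dns query update.microsoft.com A
2023-12-21T10:01:09Z WS-0114 dns query vnielvmdqxk538.xyz. A
2023-12-21T10:02:11Z WS-0207 dns query notfbadformula.com A
2023-12-21T10:03:40Z WS-0207 dns query APPDIOS.COM A
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<endpoint>\S+)\s+dns query\s+(?P<qname>\S+)\s+\S+$"
)


def normalize(host: str) -> str:
    """Lower-case, drop scheme/port/path, and strip a trailing FQDN dot."""
    host = host.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)
    host = host.split("/", 1)[0].split(":", 1)[0]
    return host.rstrip(".")


def matching_decoy(host: str) -> Optional[str]:
    """Return the decoy domain that `host` equals or is a subdomain of.

    Matching is label-wise, so 'www.fbadformula.com' hits but the look-alike
    'notfbadformula.com' does not (a plain suffix check would false-positive).
    """
    labels = normalize(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def scan_log(text: str) -> list:
    """Return one hit dict per log line whose query name matches a decoy."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        decoy = matching_decoy(m["qname"])
        if decoy is not None:
            hits.append({"ts": m["ts"], "endpoint": m["endpoint"],
                         "qname": m["qname"], "decoy": decoy})
    return hits


def endpoints_to_triage(hits: list, min_distinct: int = 2) -> dict:
    """Group hits per endpoint; keep endpoints that touched >= min_distinct decoys.

    The config mixes the real C2 with otherwise ordinary domains, so one hit is
    weak evidence. A host that resolves several entries of the same list in a
    short window is the pattern worth pulling a process tree for.
    """
    by_endpoint = defaultdict(set)
    for h in hits:
        by_endpoint[h["endpoint"]].add(h["decoy"])
    return {ep: sorted(d) for ep, d in by_endpoint.items() if len(d) >= min_distinct}


if __name__ == "__main__":
    found = scan_log(SAMPLE_DNS_LOG)
    for h in found:
        print(f'{h["ts"]} {h["endpoint"]} {h["qname"]} -> {h["decoy"]}')
    print("endpoints to triage:", endpoints_to_triage(found))
```

Because some decoys may be legitimate sites visited by ordinary users, treat a hit as a pivot point rather than a verdict: check the querying process on the endpoint, and do not sinkhole the whole list without reviewing which entries your own users legitimately reach.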

Targets

    • Target

      2e29d2fbc9f39750bca375f2d16fd025

    • Size

      1.1MB

    • MD5

      2e29d2fbc9f39750bca375f2d16fd025

    • SHA1

      202c0f0a3c36e44d23ccbc9263b0713eec2938fe

    • SHA256

      c3b1c85c689dac9728d945c6584351c77e168321e8914bd90254dcc00c4993ea

    • SHA512

      9612335316aa6dcb8f3d7b4a2fa0098ab1dcfb53f3f716120bbe0a28cd158a2f35f2e955c2649a7a97a77bc56e15c926092e8c18ca278d64ab9ab2d758f4903b

    • SSDEEP

      24576:ncYOnMZe/oeLjLZ4A6DRxsc9KWrhgZdGR4:nbOnM0AAjLZlCCRlf

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer and keeps Formbook's configuration format, including the list of decoy domains shown in the extracted config above.

    • Xloader payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the payload only runs (or refuses to run) in selected locales.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
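The last three signatures together describe the usual Xloader host footprint: a dropped executable is run, registers itself under a Run key, and uses SetThreadContext to inject into another process. The Run-key step is the one that leaves a durable, easily queried artifact. The script below is an added example, not part of the sandbox output: it classifies Run/RunOnce SetValue events, escalating those where the autostart command or the writing process lives in a user-writable location, which is what a dropped payload looks like and what a vendor installer under Program Files does not. The event records are constructed in a Sysmon Event ID 13 shape with a made-up SID; the field names and thresholds are assumptions for the example.

```python
"""Added example: flag Run-key persistence of the kind this report's
'Adds Run key to start application' / 'Executes dropped EXE' signatures
describe. Not sandbox output; the event records below are constructed in a
Sysmon Event ID 13 (RegistryEvent SetValue) shape with a made-up SID."""
import re

# Value written under one of the autostart keys (HKLM or HKU hive, any prefix).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Locations a standard user can write to; a payload that persists from here is
# far more suspicious than an installer under Program Files.
USER_WRITABLE_RE = re.compile(
    r"(\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\"
    r"|\\ProgramData\\|\\Windows\\Temp\\"
    r"|%(APPDATA|LOCALAPPDATA|TEMP|TMP|USERPROFILE)%)",
    re.IGNORECASE,
)

SID = r"S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed

SAMPLE_EVENTS = [  # constructed records
    {   # dropped EXE in %APPDATA% registers itself for autostart
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Users\alice\AppData\Roaming\syshost\syshost.exe",
        "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run\syshost",
        "Details": r"C:\Users\alice\AppData\Roaming\syshost\syshost.exe",
    },
    {   # ordinary installer writing a machine-wide Run value
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Program Files\Vendor\setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
        "Details": r"C:\Program Files\Vendor\updater.exe",
    },
    {   # unrelated registry write under CurrentVersion, must be ignored
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        "Details": "DWORD (0x00000001)",
    },
]


def classify_run_key_event(event: dict):
    """Return a finding dict for a Run/RunOnce SetValue event, else None."""
    if event.get("EventID") != 13 or event.get("EventType") != "SetValue":
        return None
    m = RUN_KEY_RE.search(event.get("TargetObject", ""))
    if not m:
        return None
    command = event.get("Details", "")
    image = event.get("Image", "")
    reasons = []
    if USER_WRITABLE_RE.search(command):
        reasons.append("autostart command points into a user-writable path")
    if USER_WRITABLE_RE.search(image):
        reasons.append("writing process itself runs from a user-writable path")
    if command and image and command.lower() == image.lower():
        reasons.append("process registers its own binary for autostart")
    return {
        "value_name": m["value"],
        "key": event["TargetObject"],
        "command": command,
        "image": image,
        "severity": "high" if reasons else "info",
        "reasons": reasons,
    }


def run_key_findings(events: list) -> list:
    """Apply classify_run_key_event over a batch of records, dropping non-matches."""
    return [f for f in (classify_run_key_event(e) for e in events) if f is not None]


if __name__ == "__main__":
    for f in run_key_findings(SAMPLE_EVENTS):
        why = "; ".join(f["reasons"]) or "no red flags"
        print(f'[{f["severity"]}] {f["value_name"]} -> {f["command"]} ({why})')
```

The "info" findings are still worth keeping: an installer writing a Run value is normal, but a later alert on the same host is easier to scope when the full autostart history is already collected.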

MITRE ATT&CK Enterprise v15