General
-
Target
697603470394ef65a7996011adf0db69
-
Size
727KB
-
Sample
240120-et2wvsbehm
-
MD5
697603470394ef65a7996011adf0db69
-
SHA1
7139f8e802aa6decce3ae28fd49c3d92b5e19823
-
SHA256
90c60c57ce0606d09dbd01751eb2bd5cd86d4344bd69ceb2f5697b1239070cce
-
SHA512
15a809d90a56b5b8544b994406ca954b39c3650977809e4531b684d6003b9ed597fd1c89c703d985ea898855d49cfb9b7d24f9c198c6c0d033d794c1e33167f6
-
SSDEEP
12288:zkFoWfF8i1y7REP6iioYl+4U7+iSxGzQXdCnlb8uYhkOH7zg8/W9tMyDi0+/Frrx:zkFxfFTy7REP6iioYl+4U7+iOdClb85l
Malware Config
Extracted
xloader
2.3
b8eu
ppslide.com
savorysinsation.com
camilaediego2021.com
rstrunk.net
xianshikanxiyang.club
1borefruit.com
ay-danil.club
xamangxcoax.club
waltonunderwood.com
laurabissell.com
laurawmorrow.com
albamauto.net
usamlb.com
theoyays.com
freeitproject.com
jijiservice.com
ukcarpetclean.com
wc399.com
xn--pskrtmebeton-dlbc.online
exclusivemerchantsolutions.com
Targets
-
-
Target
697603470394ef65a7996011adf0db69
-
Size
727KB
-
MD5
697603470394ef65a7996011adf0db69
-
SHA1
7139f8e802aa6decce3ae28fd49c3d92b5e19823
-
SHA256
90c60c57ce0606d09dbd01751eb2bd5cd86d4344bd69ceb2f5697b1239070cce
-
SHA512
15a809d90a56b5b8544b994406ca954b39c3650977809e4531b684d6003b9ed597fd1c89c703d985ea898855d49cfb9b7d24f9c198c6c0d033d794c1e33167f6
-
SSDEEP
12288:zkFoWfF8i1y7REP6iioYl+4U7+iSxGzQXdCnlb8uYhkOH7zg8/W9tMyDi0+/Frrx:zkFxfFTy7REP6iioYl+4U7+iOdClb85l
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-