General

  • Target

    LisectAVT_2403002C_89.exe

  • Size

    214KB

  • Sample

    240725-b9zjwsthre

  • MD5

    3e63f636a493ee210b6627e63c954665

  • SHA1

    07edabeb3c3375043de5a0a2af222a9888e40c75

  • SHA256

    e00c78c89894028be70f0125ab20cc5919d39930fb98d01b367c3f05d69029ce

  • SHA512

    4bea9a7c13ff9543532bbbb5ef1497bf3d31d03d1629365d962e953695ebc4d77dde329b451e1b07cdf18c3883d22df2e58b2602e116e32bc4292e027b2c0a42

  • SSDEEP

    6144:oNeZg14JHXuf5KmE+rZOuTdcC2xIC90pLXg4Psgf:oN8HXG1NOiSPxbCLX7PsO

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hsot

Decoy

carefile.icu

autrement-dit-translation.com

openft.xyz

hip-express.com

snowwisdom.com

effort-less.xyz

cardiopulmonaryservices.com

mednotics.com

hxtz54.com

sendex.global

getemergencyfood.com

xn--ekr703aymjgvi.group

whitmanrandolphmath.com

theunitedgamingleague.net

sxqnx.com

finessemovement.com

srsremodelinginc.com

shuddhiorganics.com

tlichomedical.com

millennium.school

Targets

    • Target

      LisectAVT_2403002C_89.exe

    • Size

      214KB

    • MD5

      3e63f636a493ee210b6627e63c954665

    • SHA1

      07edabeb3c3375043de5a0a2af222a9888e40c75

    • SHA256

      e00c78c89894028be70f0125ab20cc5919d39930fb98d01b367c3f05d69029ce

    • SHA512

      4bea9a7c13ff9543532bbbb5ef1497bf3d31d03d1629365d962e953695ebc4d77dde329b451e1b07cdf18c3883d22df2e58b2602e116e32bc4292e027b2c0a42

    • SSDEEP

      6144:oNeZg14JHXuf5KmE+rZOuTdcC2xIC90pLXg4Psgf:oN8HXG1NOiSPxbCLX7PsO

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      gynoox.exe

    • Size

      3KB

    • MD5

      c81d16f671e6bdf7f5ae1c7003856717

    • SHA1

      031ae8483b93c7040fb327d1141dfafa636b75bb

    • SHA256

      ea757de6b7cb2593fbdac083b42f2143812370c864e30c8c461de152664e9a1f

    • SHA512

      f08e25b1f3ba7e58b4f4993b4cf4079e45c132dc85f6f323eba83c4a92d61e76c74a0b264802aabc031f08f13d291d1c6556bd8d7747ba5f37b306346bc732f8

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks