General

  • Target

    987654OIUYFG.exe

  • Size

    821KB

  • Sample

    210507-kx472tyena

  • MD5

    0e0d5f9088ea19c58c3763c0ada56396

  • SHA1

    cfe4ae26328d511ac04c2a51aebdb82ee463c0d3

  • SHA256

    7f0511e940e8caa44c759e4696bf6b6b7f1389a2290b25c5e3f491270c63daab

  • SHA512

    cf4aea4bd30333fdfbf8dbfcd1ae9909f281f0e67b14d8d4d0c9ae4ac5d2579af968d1022169b238016b00448dd49c8de7b13b1f6824fecf56b15a08c4364e6b

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.hysjs168.com/uv34/

Decoy

lattakia-imbiss.com

helenafinaltouch.com

yogamays.com

habangli.com

embraceblm.com

freeurlsite.com

szxanpet.com

inspirationalsblog.com

calibratefirearms.net

chelseashalza.com

ihdeuruim.com

symbolofsafety.com

albanyhumanesociety.net

exclusiveoffer.bet

888yuntu.com

maraitime.com

caletaexperience.com

dreamlikeliving.com

wolvesmito.club

zbyunjin.com

Targets

    • Target

      987654OIUYFG.exe

    • Size

      821KB

    • MD5

      0e0d5f9088ea19c58c3763c0ada56396

    • SHA1

      cfe4ae26328d511ac04c2a51aebdb82ee463c0d3

    • SHA256

      7f0511e940e8caa44c759e4696bf6b6b7f1389a2290b25c5e3f491270c63daab

    • SHA512

      cf4aea4bd30333fdfbf8dbfcd1ae9909f281f0e67b14d8d4d0c9ae4ac5d2579af968d1022169b238016b00448dd49c8de7b13b1f6824fecf56b15a08c4364e6b

    • Score

      10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks