Resubmissions

21-07-2021 21:42

210721-p6tfd1312a 10

21-07-2021 16:56

210721-32kqsm4kzn 10

General

  • Target

    3be492c34e92a83547b0d1656e21f2d8aed8f7448fcb9f720b401c9daa26fc61

  • Size

    767KB

  • Sample

    210721-32kqsm4kzn

  • MD5

    0ddeb0b17f45b044ca999164550dd25c

  • SHA1

    98c59b8743624e0354d47e51ccbc52d37c2260ec

  • SHA256

    3be492c34e92a83547b0d1656e21f2d8aed8f7448fcb9f720b401c9daa26fc61

  • SHA512

    83e87605ba0e523d9f1c215e2695f95d5a5f886e0151412212ec7c9abd0acebca5a2f2fd42df4fc292fc8ba72991cb38b8426179d4f103c1389ba6b44e8fe917

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.partypacktv.net/a3ea/

Decoy

yvsgge.com

shooter2.com

ugcfashion.com

deltaefficiencies.com

raidertomb.com

atiempoconguadalupe.com

whmmhh.com

hangar360aircraft.com

toughcookiemasks.store

blindowlch.com

yipo.info

mindsomamove.com

theresalobstahlike.com

nova-select.com

socetegen.com

platinaman.com

datsu-nihon.com

jumpstartinggenius.com

slxplay.com

rightwaysdecor.com

Targets

    • Target

      3be492c34e92a83547b0d1656e21f2d8aed8f7448fcb9f720b401c9daa26fc61

    • Size

      767KB

    • MD5

      0ddeb0b17f45b044ca999164550dd25c

    • SHA1

      98c59b8743624e0354d47e51ccbc52d37c2260ec

    • SHA256

      3be492c34e92a83547b0d1656e21f2d8aed8f7448fcb9f720b401c9daa26fc61

    • SHA512

      83e87605ba0e523d9f1c215e2695f95d5a5f886e0151412212ec7c9abd0acebca5a2f2fd42df4fc292fc8ba72991cb38b8426179d4f103c1389ba6b44e8fe917

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks