General

  • Target

    4c70d5b1c63a468f7e0aedf64f93ca42

  • Size

    1024KB

  • Sample

    210928-g3sewsagf7

  • MD5

    4c70d5b1c63a468f7e0aedf64f93ca42

  • SHA1

    c248ab00560786b7be23151597d9503a2e84602f

  • SHA256

    83242a0f42be34e66e502e4a3a45d2470f3b24aef8a1d8484711f4439d7fe74a

  • SHA512

    2146f98b4f950555333a00668ab6f71ad2a432b12d12cb0c07cc2dc342884f88b491442c84da763b3101ee7ac89e8c08f6552203ba9470401e934191e4858a8c

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mjyv

C2

http://www.simpeltattofor.men/mjyv/

Decoy

wenyuexuan.com

tropicaldepression.info

healthylifefit.com

reemletenleafy.com

jmrrve.com

mabduh.com

esomvw.com

selfcaresereneneness.com

murdabudz.com

meinemail.online

brandqrcodes.com

live-in-pflege.com

nickrecovery.com

ziototoristorante.com

chatcure.com

corlora.com

localagentlab.com

yogo7.net

krveop.com

heianswer.xyz

Targets

    • Target

      4c70d5b1c63a468f7e0aedf64f93ca42

    • Size

      1024KB

    • MD5

      4c70d5b1c63a468f7e0aedf64f93ca42

    • SHA1

      c248ab00560786b7be23151597d9503a2e84602f

    • SHA256

      83242a0f42be34e66e502e4a3a45d2470f3b24aef8a1d8484711f4439d7fe74a

    • SHA512

      2146f98b4f950555333a00668ab6f71ad2a432b12d12cb0c07cc2dc342884f88b491442c84da763b3101ee7ac89e8c08f6552203ba9470401e934191e4858a8c

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks