General

  • Target

    e7cabf681ce8989913c4c78c8f539a791c852e0e637f359d2a399b91dc676506

  • Size

    700KB

  • Sample

    211113-159xhacegk

  • MD5

    abbd913fabcce80fe6c14f8103800378

  • SHA1

    bbfd5bd99597e246fe61dc8fa4cbaa99c1808b1b

  • SHA256

    e7cabf681ce8989913c4c78c8f539a791c852e0e637f359d2a399b91dc676506

  • SHA512

    7eb56ebeac274545ccbf91ed01e1290ccd168b5b506a027993745ad6d8255ed652d32c1570218aca10434c40c7218f5e088e8d2021b30f8eef674d22dcc64655

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n58i

C2

http://www.makingitreignz.com/n58i/

Decoy

charlottebishop.com

afafshawwabibi.com

salomesac.com

albaelectric.info

ashcm.com

cxlgroups.com

kbittesting.com

stogelair.com

dgredg.com

smokersoutletinc.com

gdmo112.com

innovationmotive.xyz

outbarter.info

abevegege.online

peterjhill.com

fubosportsbetting.com

probristow.com

despirad.com

halloweengeneral.com

milesofsmileskinder.com
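The C2 and decoy lists above are worth more than a flat blocklist. A Formbook/Xloader config carries one real C2 and a set of decoy domains, and the bot beacons to the real C2 plus a random subset of the decoys using the same campaign path (here /n58i/), so the path is the most stable indicator across hosts while a hit on a decoy domain's root is usually just someone browsing a legitimate site. The script below is an added example, not part of the sandbox report: it expands the extracted config into indicators and classifies constructed proxy log lines (the log format and the "same path on decoys" behaviour are assumptions, labelled in the code).

```python
"""Expand the Xloader 2.5 config from the report into indicators and scan
proxy log lines with them. Added example; log lines are constructed."""
import re
from urllib.parse import urlsplit

# Values copied from the report's Malware Config section.
C2_URL = "http://www.makingitreignz.com/n58i/"
CAMPAIGN = "n58i"
DECOYS = [
    "charlottebishop.com", "afafshawwabibi.com", "salomesac.com",
    "albaelectric.info", "ashcm.com", "cxlgroups.com", "kbittesting.com",
    "stogelair.com", "dgredg.com", "smokersoutletinc.com", "gdmo112.com",
    "innovationmotive.xyz", "outbarter.info", "abevegege.online",
    "peterjhill.com", "fubosportsbetting.com", "probristow.com",
    "despirad.com", "halloweengeneral.com", "milesofsmileskinder.com",
]

# Constructed proxy log lines for the demo (not captured traffic).
# Assumed format: <epoch> <client> <method> <url> <status>
LOG_LINES = [
    "1636790401.123 10.0.0.12 GET http://www.makingitreignz.com/n58i/?Qn=abc 200",
    "1636790402.456 10.0.0.12 POST http://www.salomesac.com/n58i/ 404",
    "1636790403.789 10.0.0.12 GET http://www.charlottebishop.com/ 200",
    "1636790404.000 10.0.0.33 GET http://example.com/n58i/ 200",
    "1636790405.000 10.0.0.33 GET http://intranet.local/ 200",
]

URL_RE = re.compile(r"https?://\S+")


def normalise_host(host):
    """Lower-case and drop a leading 'www.' so config and log hosts compare equal."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def campaign_path(c2_url):
    """The URI path every beacon of this campaign uses ('/n58i/')."""
    return urlsplit(c2_url).path


def build_indicators(c2_url, decoys):
    """Return (c2_host, decoy_hosts, beacon_urls) derived from the config.
    Assumption: decoy domains are contacted with the same path as the real C2."""
    path = campaign_path(c2_url)
    c2_host = normalise_host(urlsplit(c2_url).hostname)
    decoy_hosts = {normalise_host(d) for d in decoys}
    urls = {f"http://{h}{path}" for h in decoy_hosts | {c2_host}}
    return c2_host, decoy_hosts, urls


def classify(url, c2_host, decoy_hosts, path):
    """Rank a request: real C2 on the campaign path is the strongest signal,
    a decoy root hit on its own is weak (the decoys are legitimate sites)."""
    parts = urlsplit(url)
    host = normalise_host(parts.hostname)
    on_path = parts.path.startswith(path)
    if host == c2_host and on_path:
        return "c2-beacon"
    if host in decoy_hosts and on_path:
        return "decoy-beacon"
    if on_path:
        return "campaign-path"   # unknown host, same campaign path: investigate
    if host in decoy_hosts:
        return "decoy-host"      # low confidence unless paired with the path
    return None


def scan_log(lines, c2_url=C2_URL, decoys=DECOYS):
    """Return [(client, host, verdict)] for every line matching an indicator."""
    c2_host, decoy_hosts, _ = build_indicators(c2_url, decoys)
    path = campaign_path(c2_url)
    hits = []
    for line in lines:
        m = URL_RE.search(line)
        if not m:
            continue
        verdict = classify(m.group(0), c2_host, decoy_hosts, path)
        if verdict:
            client = line.split()[1]
            hits.append((client, normalise_host(urlsplit(m.group(0)).hostname), verdict))
    return hits


if __name__ == "__main__":
    for hit in scan_log(LOG_LINES):
        print(hit)
```

Treat a "decoy-host" verdict as context only: the decoy domains belong to uninvolved third parties, so blocking them outright causes collateral damage, whereas any request carrying the /n58i/ path from an internal client deserves a look regardless of host.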

Targets

    • Target

      e7cabf681ce8989913c4c78c8f539a791c852e0e637f359d2a399b91dc676506


    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer; the extracted config above (campaign, C2 path and decoy list) follows the Formbook layout.

    • Xloader Payload

      The decoded Xloader payload was recovered from the sample, which is what the extracted config was taken from.

    • Suspicious use of SetThreadContext

      SetThreadContext is the API a loader calls after creating a process in a suspended state and overwriting its memory, the process-hollowing technique Formbook and Xloader use to run inside a legitimate process. On its own the call is only a heuristic (debuggers and some runtimes use it too); here it is corroborated by the payload extraction.
