General

  • Target

    8dea3dfc88c81629eda9299c7031ed9e

  • Size

    248KB

  • Sample

    220127-q6e4eadgam

  • MD5

    8dea3dfc88c81629eda9299c7031ed9e

  • SHA1

    14cb4a4e1d5ca4a715a06df641933f7d50cd40b6

  • SHA256

    7bc209b35e0f0838c03f3a67be9e3f362a440ad2c8a3434dd52c4a16c4a72135

  • SHA512

    4f688839482e354bd6b4a622a3464c19b6f92cb2500b5b9f8687e209324efa415cb1e8ae56031a5144b445176c23a638cb580f43accdb462278990ada12d9f53

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u6vb

Decoy

blendedmatter.com

piquinmarketing.com

dubkirelax.online

optimumotoaksesuar.com

bendisle.com

islamicgeometricpatterns.net

cheesebox.online

lh-coaching.com

buildingmaterial.info

backwoods72.com

goodtreetee.com

zknqqpvsypx.mobi

phukienstreaming.com

turkistick.com

cbd-shop-portugal.com

imherllc.com

krallechols.quest

ttmmb.com

pornmodelsworld.com

weakyummy.space

Targets

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks