General

  • Target

    f52e6227038fd13f5351dff792517096

  • Size

    669KB

  • Sample

    220127-q6e4eaebg2

  • MD5

    f52e6227038fd13f5351dff792517096

  • SHA1

    026dbec6438da97c15811b329f474aac503aa47f

  • SHA256

    76206cfe9c2933e343b7650e368175a1a94b5f25927685e0b3fa5f317696e073

  • SHA512

    daef7b5ae4070a6b315227a6c0d6b00b54b2302280c6c11c86425ae09cf1816520e8726ec14bd32041a63d5bd9b98d395be1fe25f653465e97a1e8d214c36457

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin
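The decoy list above is what makes this config actionable. Xloader, like Formbook before it, ships a list of domains in which the real C2 sits among many decoys, most of them ordinary legitimate sites, and the implant beacons to a random subset of the list rather than to one host. A single resolution of any one of these names is therefore weak evidence, while one client touching several of them within minutes is the pattern to hunt for. The following is an added example, not code from the sandbox or from the report, that runs that hunt over DNS logs; the log format, the client addresses and the log lines themselves are constructed for illustration, while the domain set is copied from the extracted config above.

```python
"""Hunt for the Xloader beacon pattern in DNS logs using the extracted decoy list.

Added example, not code from the sandbox or the report. The log format
("<ISO timestamp> <client> <queried name>") and the log lines are constructed
assumptions; the domain set is the report's extracted config.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy/C2 domains extracted from the report's "Malware Config" section.
DECOY_DOMAINS = {
    "tricyclee.com", "kxsw999.com", "wisteria-pavilion.com", "bellaclancy.com",
    "promissioskincare.com", "hzy001.xyz", "checkouthomehd.com", "soladere.com",
    "point4sales.com", "socalmafia.com", "libertadysarmiento.online",
    "nftthirty.com", "digitalgoldcryptostock.net", "tulekiloscaird.com",
    "austinfishandchicken.com", "wlxxch.com", "mgav51.xyz", "landbanking.global",
    "saprove.com", "babyfaces.skin",
}

# Constructed sample log: one host burst-resolving five config domains (the
# beacon pattern), two hosts touching a single decoy each (likely benign).
SAMPLE_DNS_LOG = """\
2022-01-27T09:00:01 10.0.0.5 www.tricyclee.com
2022-01-27T09:00:03 10.0.0.5 kxsw999.com
2022-01-27T09:00:05 10.0.0.5 update.microsoft.com
2022-01-27T09:00:07 10.0.0.5 hzy001.xyz
2022-01-27T09:00:09 10.0.0.5 point4sales.com
2022-01-27T09:00:12 10.0.0.5 nftthirty.com
2022-01-27T09:15:40 10.0.0.7 bellaclancy.com
2022-01-27T11:30:00 10.0.0.9 wlxxch.com
2022-01-27T16:45:02 10.0.0.9 saprove.com
"""


def matches_decoy(qname, domains=DECOY_DOMAINS):
    """Return the config domain that qname equals or is a subdomain of, else None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def parse_dns_log(text):
    """Yield (timestamp, client, qname) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        yield datetime.fromisoformat(ts), client, qname


def find_beaconing_hosts(text, window=timedelta(minutes=5), min_distinct=3):
    """Clients resolving >= min_distinct distinct config domains inside `window`.

    Returns {client: sorted list of matched config domains}. Hosts that touch
    fewer domains are ignored, because decoys are frequently legitimate sites
    that real users visit.
    """
    hits = defaultdict(list)  # client -> [(timestamp, matched domain)]
    for ts, client, qname in parse_dns_log(text):
        dom = matches_decoy(qname)
        if dom:
            hits[client].append((ts, dom))

    flagged = {}
    for client, events in hits.items():
        events.sort()
        # Slide a window starting at each event; flag on the first dense cluster.
        for i, (start, _) in enumerate(events):
            seen = {d for t, d in events[i:] if t - start <= window}
            if len(seen) >= min_distinct:
                flagged[client] = sorted(seen)
                break
    return flagged


if __name__ == "__main__":
    for client, doms in find_beaconing_hosts(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(doms)} config domains in window -> {', '.join(doms)}")
```

The subdomain match matters because the implant's requests, and a user's browser, may resolve `www.` or other labels under a config domain. Tune `window` and `min_distinct` to the beacon interval you observe in the sandbox run; lowering `min_distinct` to 1 turns the function into a plain IOC match, which is useful for retro-hunting but will page on ordinary visits to the decoy sites.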

Targets

    • Target

      f52e6227038fd13f5351dff792517096

    • Size

      669KB

    • MD5

      f52e6227038fd13f5351dff792517096

    • SHA1

      026dbec6438da97c15811b329f474aac503aa47f

    • SHA256

      76206cfe9c2933e343b7650e368175a1a94b5f25927685e0b3fa5f317696e073

    • SHA512

      daef7b5ae4070a6b315227a6c0d6b00b54b2302280c6c11c86425ae09cf1816520e8726ec14bd32041a63d5bd9b98d395be1fe25f653465e97a1e8d214c36457

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor to the Formbook information stealer.

    • Xloader Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: System Information Discovery (T1082), 1 hit
