General

  • Target: cbf76c8bc37dc78fa1564b3885d7da98
  • Size: 861KB
  • Sample: 220616-g8wz9sfadq
  • MD5: cbf76c8bc37dc78fa1564b3885d7da98
  • SHA1: 8b9bb7259038296908bc16bd6ab92bb89fcf2452
  • SHA256: f9eafc2e0d113c33ff2ef3c080001165cde3e53b379662b35643d4cfaab9e25c
  • SHA512: aa69e9d450f8cde01259678c08a5eeae287c4b8754ebbe6fa7a5c8ad6d7db2937984f06af4090856142613007ddd6f95adbc7eca5d23818962b4d16688b5be38

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.6
  • Campaign: n9e0

Decoy


Targets

  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Suspicious use of SetThreadContext
