General

  • Target: baf2da3ba2173fe80aff443c2c6117df
  • Size: 801KB
  • Sample: 220616-hzx2msgcfk
  • MD5: baf2da3ba2173fe80aff443c2c6117df
  • SHA1: cc4098d22d9175867dd9056fc863f6f78a88929c
  • SHA256: 680bdc790b1b414cf9717c6ec89bc84597d1d6afb9c3fbcbbfc57114395488b5
  • SHA512: 7a1ed4f8a07ce19c2f18455e9543e9e73167b342cb9809a42d0748a9216bc255bfba4c56a83b42299edd4d1d0ac23d8efb6ea88b5229ec352b2603cd77898334

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.6
  • Campaign: grh2
  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
