General

  • Target

    15445c010256a178c467773e86678ecdc33bc8519e4edb3703a1b3b17622f805

  • Size

    464KB

  • Sample

    220616-kc8wqsddg2

  • MD5

    be8b5906f3d79b9379f13a88ec42d218

  • SHA1

    869fd98dc84134265c27de26dcbf4dae74204713

  • SHA256

    15445c010256a178c467773e86678ecdc33bc8519e4edb3703a1b3b17622f805

  • SHA512

    f3abb8fddf2bcbadaf11be50ca956903a256443c1f2e52ec0fae6f8f38132282465c79cf15cfc71ae2e11b0569163625dd8bdfd2413d0cb62d81e981794d4ce4

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

grh2

Decoy

xk0brx90clasle.xyz

xu0dmczr2rl4f5.xyz

ethiou.com

holtanalytical.site

bdswissminingtech.com

kardspodcast.com

phoenixtx.net

worldsriot.com

xn--cssvis15p.top

aydenalice.com

vinnyandfrens.com

greks33.com

clickintestinal.com

manningscr.com

ptryiuhfdsbc9522.xyz

cottageindentchi.xyz

ekknag-udps.tech

thedwordbydh.com

veganin.tech

leon-bet-uz.com

Targets

    • Target

      15445c010256a178c467773e86678ecdc33bc8519e4edb3703a1b3b17622f805 (464KB; MD5, SHA1, SHA512 and score 10/10 as listed under General above)

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks