General

  • Target

    592b026b4d94568a2e9b9ee96b6628bc004ab94165b1b6c8b00e0693b5c99992

  • Size

    445KB

  • Sample

    220616-s9nwtsade8

  • MD5

    fcc528968d9091b9a64b63ab25ea2fa6

  • SHA1

    d5b6e47aef62e6b00ed9bceaefb1f50d5ae603d6

  • SHA256

    592b026b4d94568a2e9b9ee96b6628bc004ab94165b1b6c8b00e0693b5c99992

  • SHA512

    6447b3dceef83ce948c586dfa9609751a86a6ffed16b2d36528c634bdfacead9a22a20ac9dfbb7fbb4c55fe77e7696b852725ce759f2e0b2952d5a2eda28ce2c

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

n9e0

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
