General

  • Target

    7577396126.zip

  • Size

    621KB

  • Sample

    220616-v7c3naahb6

  • MD5

    90fbd39702849f1b910396af2eb1fca9

  • SHA1

    639d762d4bff6a31e7e248d741e85265708d58e5

  • SHA256

    69eaf29a9c0488d653659db3486155dff10032206b01b7c41a95031c7aef8c04

  • SHA512

    adf047d9681add82ca6cc284ea1e01c9e968b08e0933db20201bb3a507f81e779feea8410fdde61065666d3b71eea0c7d0ea7ebd08451116e49a30c7a0574a41

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

zu08

Decoy


Targets

    • Target

      5727bd2a7b33b370391aa7f77ffc09360d6f4b77a0af5fe4f7e5fbf6f1fbedd2

    • Size

      749KB

    • MD5

      62549d4ae2fc9a27f23a608057b18437

    • SHA1

      1bdc32cd853abfdd4cdc3634965572893077a4c4

    • SHA256

      5727bd2a7b33b370391aa7f77ffc09360d6f4b77a0af5fe4f7e5fbf6f1fbedd2

    • SHA512

      e0d1dc1aed70387d98abd7ee11dce3167ca4f7b237c34765e146a9276b11bc160c61aaf6db375e18fb85c24e3ab220503a5d00c09e8e0244f233971840e13552

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks