General

  • Target

    af8607577b52a1404c4055a4f4541627491af2758839b4261ec8d263f383e583

  • Size

    455KB

  • Sample

    220617-b26m8shhhn

  • MD5

    28b51c5be3a1b785198ed93af6b660ce

  • SHA1

    28ddb11a762f95dac1356c80579c1bc56473f037

  • SHA256

    af8607577b52a1404c4055a4f4541627491af2758839b4261ec8d263f383e583

  • SHA512

    3137a78515c94d4c7f59fc1f4a22ab105256c427c3016d745f075a8f8b343c412e13168a1ee4377d570dbff2e4f1967edc8e83ea08707d6635f2321c7aa9048f

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

grh2

Decoy

xk0brx90clasle.xyz

xu0dmczr2rl4f5.xyz

ethiou.com

holtanalytical.site

bdswissminingtech.com

kardspodcast.com

phoenixtx.net

worldsriot.com

xn--cssvis15p.top

aydenalice.com

vinnyandfrens.com

greks33.com

clickintestinal.com

manningscr.com

ptryiuhfdsbc9522.xyz

cottageindentchi.xyz

ekknag-udps.tech

thedwordbydh.com

veganin.tech

leon-bet-uz.com

Targets

    • Target

      af8607577b52a1404c4055a4f4541627491af2758839b4261ec8d263f383e583

    • Size

      455KB

    • MD5

      28b51c5be3a1b785198ed93af6b660ce

    • SHA1

      28ddb11a762f95dac1356c80579c1bc56473f037

    • SHA256

      af8607577b52a1404c4055a4f4541627491af2758839b4261ec8d263f383e583

    • SHA512

      3137a78515c94d4c7f59fc1f4a22ab105256c427c3016d745f075a8f8b343c412e13168a1ee4377d570dbff2e4f1967edc8e83ea08707d6635f2321c7aa9048f

    • Score

      10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks