General

  • Target

    155553bb67adc4d25f04154a47b31059d3510ac758fce357254e48aef069e3a8

  • Size

    660KB

  • Sample

    220617-cypqzscfb9

  • MD5

    429a8893d73e0b1ea7770e1a83428a22

  • SHA1

    7004aadcd616ff620ae9ffd47615ce40b7d54ea6

  • SHA256

    155553bb67adc4d25f04154a47b31059d3510ac758fce357254e48aef069e3a8

  • SHA512

    dd48efdb8a6f7c5f738990d9c73b654e94ef6840f8f26a995fcef8adf985a672c18fb7d5d2d78cd5a33b6c2bfb8900df006e442064b8e5ec64033e53a09a6727

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

ip4t

Decoy

(domains embedded in the extracted config; Xloader, like Formbook, hides its live C2 among decoy domains and contacts them as well, and the extracted config does not separate the live server from the decoys, so treat the whole list as indicators)

710wgm.com

ournewhorizon.com

hilfe-online.xyz

suryaciptanusantara.com

hfrdwy.com

solutionscollection.com

savor.menu

fxivcama.com

freedom-recruitment.com

owldit.com

fullbiz.online

ztgifts.com

zerlastreeservices.com

simpleenergyai.com

ostheide-immobilien.com

mike-piano.com

xiheps.com

usedcarindonesia-ace.com

yuncuiyunying.xyz

hopecrtprotour.com
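The practical use of the extracted config above is matching. The following is an added example (not part of the sandbox report and not code from the report's tooling): it takes the four digests and the decoy domains listed on this page, verifies whether a file on disk is this sample, and runs the decoy list over DNS query logs with subdomain-aware matching. The log line format and the log lines themselves are constructed for illustration.

```python
"""Match the indicators from the Xloader report against local evidence.

Added example. The digests and decoy domains are the ones listed in the
report above; the DNS log lines and their format are constructed.
"""
import hashlib
import re

# Digests the report lists for the sample.
REPORTED_DIGESTS = {
    "md5": "429a8893d73e0b1ea7770e1a83428a22",
    "sha1": "7004aadcd616ff620ae9ffd47615ce40b7d54ea6",
    "sha256": "155553bb67adc4d25f04154a47b31059d3510ac758fce357254e48aef069e3a8",
    "sha512": "dd48efdb8a6f7c5f738990d9c73b654e94ef6840f8f26a995fcef8adf985a672"
              "c18fb7d5d2d78cd5a33b6c2bfb8900df006e442064b8e5ec64033e53a09a6727",
}

# Decoy domains from the extracted config. The live C2 is hidden among
# them and the config does not mark which one it is, so all are indicators.
DECOY_DOMAINS = [
    "710wgm.com", "ournewhorizon.com", "hilfe-online.xyz",
    "suryaciptanusantara.com", "hfrdwy.com", "solutionscollection.com",
    "savor.menu", "fxivcama.com", "freedom-recruitment.com", "owldit.com",
    "fullbiz.online", "ztgifts.com", "zerlastreeservices.com",
    "simpleenergyai.com", "ostheide-immobilien.com", "mike-piano.com",
    "xiheps.com", "usedcarindonesia-ace.com", "yuncuiyunying.xyz",
    "hopecrtprotour.com",
]


def digest_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_reported(digests: dict, reported: dict = REPORTED_DIGESTS) -> bool:
    """True only if every algorithm present in both dicts agrees (case-insensitive).

    An empty intersection is a non-match, not a vacuous match.
    """
    common = set(digests) & set(reported)
    return bool(common) and all(
        digests[algo].lower() == reported[algo].lower() for algo in common
    )


def normalize_host(host: str) -> str:
    """Lower-case and strip the trailing dot that DNS loggers often keep."""
    return host.strip().rstrip(".").lower()


def is_indicator(host: str, indicators=DECOY_DOMAINS) -> bool:
    """Exact match or subdomain (www.710wgm.com hits 710wgm.com, notsavor.menu does not)."""
    h = normalize_host(host)
    return any(h == d or h.endswith("." + d) for d in indicators)


# Constructed DNS query log, hypothetical format: "<timestamp> <client> query <name>".
SAMPLE_DNS_LOG = """\
2022-06-17T10:01:02Z 10.0.0.5 query www.example.com.
2022-06-17T10:01:05Z 10.0.0.5 query www.710wgm.com.
2022-06-17T10:01:09Z 10.0.0.7 query hilfe-online.xyz
2022-06-17T10:02:13Z 10.0.0.9 query notsavor.menu.
2022-06-17T10:02:20Z 10.0.0.9 query savor.menu.
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<name>\S+)$")


def dns_hits(log_text: str) -> list:
    """Return (client, queried name) pairs whose name matches a decoy domain."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m and is_indicator(m["name"]):
            hits.append((m["client"], normalize_host(m["name"])))
    return hits


def file_is_sample(path: str) -> bool:
    """Hash a file on disk and compare it with the reported digests."""
    with open(path, "rb") as fh:
        return matches_reported(digest_bytes(fh.read()))


if __name__ == "__main__":
    for client, name in dns_hits(SAMPLE_DNS_LOG):
        print(f"{client} queried decoy/C2 domain {name}")
```

Matching on the full decoy list rather than a single "C2" is deliberate: a host that resolves any of these names during the sample's runtime window is worth a look, and suffix matching catches the `www.` and randomised-subdomain variants that an exact-string rule would miss.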

Targets

    • Target

      155553bb67adc4d25f04154a47b31059d3510ac758fce357254e48aef069e3a8

    • Size

      660KB

    • MD5

      429a8893d73e0b1ea7770e1a83428a22

    • SHA1

      7004aadcd616ff620ae9ffd47615ce40b7d54ea6

    • SHA256

      155553bb67adc4d25f04154a47b31059d3510ac758fce357254e48aef069e3a8

    • SHA512

      dd48efdb8a6f7c5f738990d9c73b654e94ef6840f8f26a995fcef8adf985a672c18fb7d5d2d78cd5a33b6c2bfb8900df006e442064b8e5ec64033e53a09a6727

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook infostealer.

    • Xloader Payload

    • Suspicious use of SetThreadContext (thread-context manipulation typical of process injection, e.g. process hollowing or thread hijacking; ATT&CK T1055)
