General

  • Target

    SecuriteInfo.com.Suspicious.Win32.Save.a.19722.3011

  • Size

    510KB

  • Sample

    220620-2fcfdaebh4

  • MD5

    ba748857809258b6284b8808b5970362

  • SHA1

    b79ba291dccb372c28611e80985b3d88ffd2664d

  • SHA256

    049f9e87ced5e64d948562a171161d2a807f90f35337261bebdce170e78ea5ff

  • SHA512

    95ec5e6903f4a0c72b3ca1ef6ae081c85fdaa0267b28c6b3ad8c2f09946592949c4d91701914a9b8468fab218538ab7ccf240b458f0f9b8e656d2d59d9c8a57b

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

nyx

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
