General

  • Target

    dc1325117fde7f750e5c4a2fcaa09560b63760da668d899ad9dcf9e414e85fbf

  • Size

    668KB

  • Sample

    220621-cmj2csghgr

  • MD5

    d558a014b63621911fea88739bd4d442

  • SHA1

    770267f47a9330db866ab28f10abab1fde94e625

  • SHA256

    dc1325117fde7f750e5c4a2fcaa09560b63760da668d899ad9dcf9e414e85fbf

  • SHA512

    cbfdf8a9422366faee5e546d9b02baf330f583c1684580b912ddbbfaff028bc6147c92db0ec9598a85bf48400a78288036ce7cb5564f82bd5769a457aadca2ef

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

ip4t

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
