General
-
Target
5ed6b87afc6eddea0e7275496364bb9cc2b0246f7fe36069a69cdf50b6823097
-
Size
556KB
-
Sample
221130-p1zp7aed6y
-
MD5
e866034515b719467290d53f5919d599
-
SHA1
8cab0abfaaa087630930df86c8e25d5c9123dc75
-
SHA256
5ed6b87afc6eddea0e7275496364bb9cc2b0246f7fe36069a69cdf50b6823097
-
SHA512
a2601cfe472869b73fcec91aa03263ad74e49f2862d5dd22256376acf5002102c4f197a74116ebdafdd95744bf3c57a436c6a2e1850cf85351c3a9aafa48319d
-
SSDEEP
6144:Kd5DMAYloj1/L8YEAQwgG5hUQf+a/07WbvW17ZdhG3uK1gSySxfcph:Kd5DMAzjN4YEAFdmaM6UjhCu+gSeph
Malware Config
Extracted
xloader
2.3
h3qo
dhflow.com
jyindex.com
ezcleanhandle.com
trungtamcongdong.online
simsprotectionagency.com
easylivemeet.com
blackvikingfashionhouse.com
52banxue.com
girlsinit.com
drhemo.com
freethefarmers.com
velvetrosephotography.com
geometricbotaniclas.com
skyandspirit.com
deltacomunicacao.com
mucademy.com
jaboilfieldsolutions.net
howtowinatblackjacknow.com
anytimegrowth.com
simranluthra.com
Targets
-
-
Target
5ed6b87afc6eddea0e7275496364bb9cc2b0246f7fe36069a69cdf50b6823097
-
Size
556KB
-
MD5
e866034515b719467290d53f5919d599
-
SHA1
8cab0abfaaa087630930df86c8e25d5c9123dc75
-
SHA256
5ed6b87afc6eddea0e7275496364bb9cc2b0246f7fe36069a69cdf50b6823097
-
SHA512
a2601cfe472869b73fcec91aa03263ad74e49f2862d5dd22256376acf5002102c4f197a74116ebdafdd95744bf3c57a436c6a2e1850cf85351c3a9aafa48319d
-
SSDEEP
6144:Kd5DMAYloj1/L8YEAQwgG5hUQf+a/07WbvW17ZdhG3uK1gSySxfcph:Kd5DMAzjN4YEAFdmaM6UjhCu+gSeph
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-