General

  • Target: SecuriteInfo.com.Trojan.GenericKD.46640893.31769.927.exe
  • Size: 515KB
  • Sample: 221230-v3p7esga85
  • MD5: f3a9d5deb7dd858b061a15db5a7ad7bf
  • SHA1: b27a84343f94f48d61977cd1ac8a256be6147a7f
  • SHA256: 01185a62dae5e19c37748c6366026ff41bfc56b6d9fcd61c1cc9f4750ef82891
  • SHA512: 29907489804c372216765aa6f613b020f228aa48f7d7a2c25276e609b0869b0127b85b9d1fc12c52e05eff60798d61ae71ccc39b9c04b6a023454a43ab25cda8
  • SSDEEP: 12288:ibsv0ufRA9xjjt9ybg/Pp490LqbWKY3n4T6ivRO:ibSfRAJDhobJ8OLE

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: oyde

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
