General

  • Target

    7d53754fb2eb6479e9d71d07036133421f4d153ec252873c7beeb619f762a90f

  • Size

    226KB

  • Sample

    230120-wwcs7aba81

  • MD5

    403a0ec6b998f324dda677547ac8ec79

  • SHA1

    2e9fcc41db347d053ec58de6881527a9f529edef

  • SHA256

    7d53754fb2eb6479e9d71d07036133421f4d153ec252873c7beeb619f762a90f

  • SHA512

    0608941d064e2e3121ee4a02dba4f486ba7c997b14405b2e6d63102566bb65fbc242bb25ef424b5f1ddf07e7bc7e8226b916a00e85fc6d8d2408e966cbeb891b

  • SSDEEP

    3072:qyiLF8DnmJpNG/f90oL1yq8ogAQLxLmqjPXrxgUuUj14xy9WmfvuuWlAqXJeDg+P:qGV/l0oL1TToMqTVgfUs8efDJe81aL9f

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dx3n

Decoy

polebear.xyz

luciamoca.com

185451.com

bookfriendspodcast.net

reliancetechsolutions.com

wuzuiso.com

ig-representative.com

ryotaohno.com

wlnhcl.com

oasispoolth.com

fo71.com

storyandidentity.com

sayarpro.com

arrow-electronics-corps.net

brasbux.com

nigeriaafricasummit.com

choud.store

medicareopenenrollment.info

amlhcz.com

fdklflkdioerklfdke.store
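A point worth making about the Decoy list above: Formbook and its Xloader rebrand contact every domain in their config, the real C2 and the decoys alike, so the true C2 blends in with traffic to ordinary sites. The decoys are therefore mostly benign domains, and pushing the whole list into a blocklist produces false positives; the useful signal is one host resolving many of them in a short window. The following is an added example written for this page (not code from the sandbox or from the Xloader authors) that applies exactly that correlation to DNS query logs. The decoy list is copied from the extracted config on this page; the log format, the hosts, the timestamps and the thresholds (`min_decoys`, `window`) are constructed assumptions.

```python
"""Flag hosts that resolve many Xloader decoy domains inside a short window.

Editor-added example, not part of the sandbox report. The decoy list is the
one extracted above; the log lines below are constructed, not real traffic.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy domains copied from the extracted config in this report.
DECOY_DOMAINS = frozenset({
    "polebear.xyz", "luciamoca.com", "185451.com", "bookfriendspodcast.net",
    "reliancetechsolutions.com", "wuzuiso.com", "ig-representative.com",
    "ryotaohno.com", "wlnhcl.com", "oasispoolth.com", "fo71.com",
    "storyandidentity.com", "sayarpro.com", "arrow-electronics-corps.net",
    "brasbux.com", "nigeriaafricasummit.com", "choud.store",
    "medicareopenenrollment.info", "amlhcz.com", "fdklflkdioerklfdke.store",
})

# Constructed sample DNS log: "<timestamp> <client ip> <query name>" per line.
# 10.0.0.7 shows the beacon pattern; 10.0.0.9 touches two decoys 75 min apart,
# which looks like normal browsing and must not alert at a sane threshold.
SAMPLE_DNS_LOG = """\
2023-01-20T10:00:01Z 10.0.0.5 www.example.org
2023-01-20T10:00:03Z 10.0.0.7 polebear.xyz
2023-01-20T10:00:04Z 10.0.0.7 www.luciamoca.com
2023-01-20T10:00:05Z 10.0.0.7 185451.com
2023-01-20T10:00:07Z 10.0.0.7 bookfriendspodcast.net
2023-01-20T10:00:09Z 10.0.0.7 www.reliancetechsolutions.com
2023-01-20T10:00:10Z 10.0.0.7 wuzuiso.com
2023-01-20T10:15:00Z 10.0.0.9 sayarpro.com
2023-01-20T11:30:00Z 10.0.0.9 brasbux.com
"""


def registered_domain(name: str) -> str:
    """Reduce a query name to its last two labels. Adequate for the decoys
    above (all second-level names); production code should consult the
    public suffix list instead."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_dns_log(text: str):
    """Yield (timestamp, client, registered_domain) for each non-empty line
    of the constructed log format used here."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        yield (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client,
               registered_domain(qname))


def find_beaconing_hosts(log_text: str, min_decoys: int = 5,
                         window: timedelta = timedelta(minutes=5)) -> dict:
    """Return {client: sorted decoy domains} for every client that resolved
    at least `min_decoys` distinct decoy domains within some `window`-long
    interval. Thresholds are assumptions to tune per environment."""
    per_client = defaultdict(list)
    for ts, client, dom in parse_dns_log(log_text):
        if dom in DECOY_DOMAINS:
            per_client[client].append((ts, dom))

    hits = {}
    for client, events in per_client.items():
        events.sort()
        best: set = set()
        start = 0
        # Sliding window over the client's time-ordered decoy queries.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {d for _, d in events[start:end + 1]}
            if len(distinct) > len(best):
                best = distinct
        if len(best) >= min_decoys:
            hits[client] = sorted(best)
    return hits


if __name__ == "__main__":
    for client, doms in find_beaconing_hosts(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(doms)} decoy domains in window -> "
              f"{', '.join(doms)}")
```

Run against real resolver or Zeek `dns.log` data, the only changes needed are the line parser and the threshold; the domain set should come from the config extracted for the specific sample, since each Xloader build ships its own decoy list.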

Targets

    • Xloader

      Xloader is the rebranded successor of the Formbook infostealer; the extracted config above (family, version, campaign ID and decoy domain list) follows the Formbook/Xloader config layout.

    • Xloader payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext (consistent with redirecting execution in another process, e.g. process hollowing)

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082) ×2

  • Query Registry (T1012) ×1
