General
-
Target
b80b8ce41c6c6b67a0683a7c400a24c2270981bdec1b85f4111a0f5a5af3467a
-
Size
314KB
-
Sample
230129-vgbf5sfg5s
-
MD5
7b74e2dc26c5931e3a3103ed71d6bb06
-
SHA1
8201e9871601e4eefe5fa004a4dc670f7a57b9b6
-
SHA256
b80b8ce41c6c6b67a0683a7c400a24c2270981bdec1b85f4111a0f5a5af3467a
-
SHA512
ab93509d1bd7fcd7fce7eeace9d7e82f7747d3bcd1fe6b70c207aa5fa9dd2c80124167ce1465d35382dd5a842b3e734f6a550d608ab077e1e297e5befccfcc14
-
SSDEEP
6144:pqjIlffgjQfRH8zoM6Zp8ucm9FP1Uv/NmgrUU3ub6E69MDt:AKgMfR7v8zmj1WFmBBeeR
Malware Config
Extracted
xloader
2.3
a0ce
mccordsvillefinehomes.com
alibaba-provader.space
clearpatron.com
chajmf.com
advaitatestdominio.com
nataliacuminale.com
homeremodelingokc.com
telecomcruz.com
thusspokelibraealus.com
xtr3cafe.com
kjfamilypropertyllc.com
sofakingwet.com
360ttzw.com
foodel-uk.com
bonedibangaliyana.com
atozcontractingmdmd.com
outreachrespectfully.com
betterworldtees.com
bookreservationz.net
fallguysmobel.com
Targets
-
-
Target
b80b8ce41c6c6b67a0683a7c400a24c2270981bdec1b85f4111a0f5a5af3467a
-
Size
314KB
-
MD5
7b74e2dc26c5931e3a3103ed71d6bb06
-
SHA1
8201e9871601e4eefe5fa004a4dc670f7a57b9b6
-
SHA256
b80b8ce41c6c6b67a0683a7c400a24c2270981bdec1b85f4111a0f5a5af3467a
-
SHA512
ab93509d1bd7fcd7fce7eeace9d7e82f7747d3bcd1fe6b70c207aa5fa9dd2c80124167ce1465d35382dd5a842b3e734f6a550d608ab077e1e297e5befccfcc14
-
SSDEEP
6144:pqjIlffgjQfRH8zoM6Zp8ucm9FP1Uv/NmgrUU3ub6E69MDt:AKgMfR7v8zmj1WFmBBeeR
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-