General
-
Target
e4c8d479759c6e189b3fa55159cb4399e47934d39cc3cbd28e2e75ba826ba86a
-
Size
206KB
-
Sample
230129-xvn1habg9t
-
MD5
5617428ac63756a9a47d7c52603406d4
-
SHA1
5bc937e71aa0aab508360370a557f683675dc832
-
SHA256
e4c8d479759c6e189b3fa55159cb4399e47934d39cc3cbd28e2e75ba826ba86a
-
SHA512
25ef32b02505f1f334e4e86a6ef181ba531890219d6662152d71fbef7165e65bcfe84e347ff5f2d418c1c102781b2d6f38da7a84b7559be1a3180e14fbbd254d
-
SSDEEP
6144:59X0GvV6IedPyUuHwdkOGlQm52B/qsAs1SZXKyL/Klm:/0SV/Ui4GlQm52NqsAs1SUK7
Malware Config
Extracted
xloader
2.3
siwq
pestcontrolcleaning.com
openpandoras.com
timmsoski.com
viva-hair.com
icebergpeakgaming.com
pebblecreatives.com
marydilip.info
ashtonmaker.com
aclarandocafe.com
apibet365.com
maddykellyactor.com
sxtengchi.com
victoriamassage.net
html15.com
bamabailbonding.com
ltknudsen.com
haziee.com
knenglishkor.com
inpolychrome.com
inishcorp.com
Targets
-
-
Target
e4c8d479759c6e189b3fa55159cb4399e47934d39cc3cbd28e2e75ba826ba86a
-
Size
206KB
-
MD5
5617428ac63756a9a47d7c52603406d4
-
SHA1
5bc937e71aa0aab508360370a557f683675dc832
-
SHA256
e4c8d479759c6e189b3fa55159cb4399e47934d39cc3cbd28e2e75ba826ba86a
-
SHA512
25ef32b02505f1f334e4e86a6ef181ba531890219d6662152d71fbef7165e65bcfe84e347ff5f2d418c1c102781b2d6f38da7a84b7559be1a3180e14fbbd254d
-
SSDEEP
6144:59X0GvV6IedPyUuHwdkOGlQm52B/qsAs1SZXKyL/Klm:/0SV/Ui4GlQm52NqsAs1SUK7
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-