General

  • Target: cf22f276250ff13f33a16fc28c9dec0ad71fda682edaa2db20852fae1e81e7af
  • Size: 205KB
  • Sample: 230129-xvq5vsbg9v
  • MD5: 975ea043e07e5b18a36acd47e528fd80
  • SHA1: 54ce166f50524e9412ddaa41c2332e78de00734e
  • SHA256: cf22f276250ff13f33a16fc28c9dec0ad71fda682edaa2db20852fae1e81e7af
  • SHA512: 7bf4b9f440d582faf803a00383c1748029c1b93964524bfe159264405eac6b6eb957398e5c1c225731fad7509b7a4108803838cfcd9d05a6d04a4b5ad7885c40
  • SSDEEP: 6144:r9X0GfUigNb+mlj97SCZs5UkfXbiClgjW3rac0:F0qsbBH70Uk/b5CjWv0

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: xgxp
  • Decoy domains:
      sin7799.com
      konkondwa.com
      fixmylot.com
      redbirdscottsdale.com
      cotcoservices.com
      jonwcvxw.com
      scotthaeberletriathlon.com
      bob816.com
      pinukimgood.life
      ambitiondurable-ce.com
      jioholdingscorp.com
      thisisadreamright.com
      asaptebal.xyz
      sloanehealth.com
      huugmooren.com
      birdsbarber.supply
      albeider.com
      theperfectcolour.com
      alibabulilmhouston.com
      chaing-list.xyz

Targets

    • Target: cf22f276250ff13f33a16fc28c9dec0ad71fda682edaa2db20852fae1e81e7af
    • Size: 205KB
    • MD5: 975ea043e07e5b18a36acd47e528fd80
    • SHA1: 54ce166f50524e9412ddaa41c2332e78de00734e
    • SHA256: cf22f276250ff13f33a16fc28c9dec0ad71fda682edaa2db20852fae1e81e7af
    • SHA512: 7bf4b9f440d582faf803a00383c1748029c1b93964524bfe159264405eac6b6eb957398e5c1c225731fad7509b7a4108803838cfcd9d05a6d04a4b5ad7885c40
    • SSDEEP: 6144:r9X0GfUigNb+mlj97SCZs5UkfXbiClgjW3rac0:F0qsbBH70Uk/b5CjWv0

    Score: 10/10

    Signatures:
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Command-Line Interface (T1059), count 1
  • Discovery: System Information Discovery (T1082), count 2
