General

  • Target

    59fc75f30806604d945fbeac296537ef897a7d591f945b69db71a1a0376d3cae

  • Size

    1017KB

  • Sample

    230129-y4x57sbh85

  • MD5

    2bc0933dab925476cf847451e0828828

  • SHA1

    e34abc9014acd57f7dcdf3f55f89cffbb20ac481

  • SHA256

    59fc75f30806604d945fbeac296537ef897a7d591f945b69db71a1a0376d3cae

  • SHA512

    d39b8cf872c6f26a7e512a5d7704f8784a4232b161b6ff98a471858ad6fa28b78777fc0955ae1447146b3f9c222f60ad190c99b7c21fa41df34d38039973ee30

  • SSDEEP

    12288:R63wgxUeE/unNGZmrEz6tOFPHjllFKYvPamVkKtjVTsAk+NvY2aIO7x9QBQBD:Ri+unexDllFKoZVkpALvYy4x9QBa

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qbeg

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
