General

  • Target: 75d48de6e8fb72f76852f3e22299ffafe79a26bd3c0ba6362c8ddf15396d882e
  • Size: 624KB
  • Sample: 230129-y9vx2adf2x
  • MD5: 8afcb06ed5c6e589cb0d3382791ed2b2
  • SHA1: 3461fc106afed85206e5bcc219fb1201cec0eafb
  • SHA256: 75d48de6e8fb72f76852f3e22299ffafe79a26bd3c0ba6362c8ddf15396d882e
  • SHA512: 4d093943a720e7198db7319b4367f26c3c29a4ec2ce2ce2bd30923734eb5c99bb578ed1e9f0a790ddede82d56e28a523e9116bf747a2acba6f294aff25758993
  • SSDEEP: 12288:XglcEFqqylXEtlLCFzFV2mekufvmKQysnNzdaDoll:Xov4EtlUzFV2mekPhysZdaUl

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: uszn
  • Decoy
Targets

    Score: 10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks