Resubmissions

23-05-2023 15:26

230523-svdgjsfh53 10

General

  • Target

    IMG-78293792.exe

  • Size

    356KB

  • Sample

    230523-svdgjsfh53

  • MD5

    cb94f8bf4453d77ed35b4cccad18260c

  • SHA1

    aeacb009addb2152c05a34537f565e66b32b25d2

  • SHA256

    a39d6226eed5913f2f1d77991f011a386453d095689f85eb0ca14aac1d983466

  • SHA512

    7fb17a554481d5ff6c28edd4ee43b9306a8e59ac9f992a2b6d243b2d88eb9daa997bbf5be962f331c6ec282b15e4e67107c233691a6b05d317957072754f4135

  • SSDEEP

    6144:lZwkVnw0KesTf8DZgu2OuQ15Mgkv0StJXgBivzsXjpY/i0un1IC1ewYrbOhpRRRY:lZ7Laf8DqOrRk8+JXUMzeYRun19ewskC

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Targets

    • Target

      IMG-78293792.exe

    • Size

      356KB

    • MD5

      cb94f8bf4453d77ed35b4cccad18260c

    • SHA1

      aeacb009addb2152c05a34537f565e66b32b25d2

    • SHA256

      a39d6226eed5913f2f1d77991f011a386453d095689f85eb0ca14aac1d983466

    • SHA512

      7fb17a554481d5ff6c28edd4ee43b9306a8e59ac9f992a2b6d243b2d88eb9daa997bbf5be962f331c6ec282b15e4e67107c233691a6b05d317957072754f4135

    • SSDEEP

      6144:lZwkVnw0KesTf8DZgu2OuQ15Mgkv0StJXgBivzsXjpY/i0un1IC1ewYrbOhpRRRY:lZ7Laf8DqOrRk8+JXUMzeYRun19ewskC

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks