General
-
Target
06e39ab322fda94c231cd51b9f5e60ea
-
Size
692KB
-
Sample
231219-mj867adhc6
-
MD5
06e39ab322fda94c231cd51b9f5e60ea
-
SHA1
8cc59571463811f56006426ee81a0d5b220beaec
-
SHA256
c55b9c07d7796fc4b41095b8bada978ef5995211936a301cfdbd6be4d0c0ec67
-
SHA512
17bc8ac8741e294a03990230e913163555c1a400827db44c95282ed9cf000f04f698537d677af9bcda7d13dee03ff3f7bd2766854074cde3960db946c61cadbe
-
SSDEEP
12288:6az2qMvipacTQEwH0YSMd8c0LNbuiGgNXhLGt9xHg7HvTTxL+CMDE:j3+EwH0YSMR0ZuKNXtQXA7HvnxI4
Malware Config
Extracted
xloader
2.5
gab8
amateurfeetworship.com
big-food.biz
metaversevolution.com
profecional-pacasmayo.com
royzoom.com
bekindevolution.com
hokozaki.com
waltersswholesale.com
wayfinderacu.com
schnurrgallery.com
babygearrentals.net
imggtoken.club
24x7x366.com
lakiernictwo.info
les-cours.com
dwticket.com
onarollshades.com
ramireztradepartners.com
safarparfums.com
6ngie.info
Targets
-
-
Target
06e39ab322fda94c231cd51b9f5e60ea
-
Size
692KB
-
MD5
06e39ab322fda94c231cd51b9f5e60ea
-
SHA1
8cc59571463811f56006426ee81a0d5b220beaec
-
SHA256
c55b9c07d7796fc4b41095b8bada978ef5995211936a301cfdbd6be4d0c0ec67
-
SHA512
17bc8ac8741e294a03990230e913163555c1a400827db44c95282ed9cf000f04f698537d677af9bcda7d13dee03ff3f7bd2766854074cde3960db946c61cadbe
-
SSDEEP
12288:6az2qMvipacTQEwH0YSMd8c0LNbuiGgNXhLGt9xHg7HvTTxL+CMDE:j3+EwH0YSMR0ZuKNXtQXA7HvnxI4
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-