General

  • Target: f006c4f210e64f24cd375249d50279bb
  • Size: 725KB
  • Sample: 231220-vhym3acdf7
  • MD5: f006c4f210e64f24cd375249d50279bb
  • SHA1: c0d6076b9f7a660d728fd0fc20a42146c6ead1b7
  • SHA256: 6a403d45488a7edf4b19ed6436d63397e7950b08dcc2987a0149b7df2c219344
  • SHA512: 099a8b532bbd13e739214dff84d91025ce967f7aa7040c9cd2df689e588b7abd003d5bafbf3d3dbefcec72a7a96a2ac493ac0b8baea31ae81b4b1fcfcd0853e8
  • SSDEEP: 12288:gdclTNleKU+EYC2J6ylNCs6BzUNlik2Juno82:gdclTNleKUW/56JwH

Score: 10/10

Malware Config

Extracted

Family: xloader

Version: 2.5

Campaign: ujaz

Decoy

Targets

  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader payload

  • Suspicious use of SetThreadContext