General

  • Target

    2e8d46250d67cc50779b4fb2dfb08412

  • Size

    867KB

  • Sample

    231221-317mpafdg3

  • MD5

    2e8d46250d67cc50779b4fb2dfb08412

  • SHA1

    efd34a723dbbac4556bbd424f2f20949f479485d

  • SHA256

    b24607fff4cf5d4fcb822446c3386d63ffc818bda4f2c1b274cae6cee500d9fb

  • SHA512

    a59fc90c3f56819bd6ecc1f46a6f361009a90bcdec16ed40c9a5fbdf23162f8084618f68f2d3498ce1f692a5e8fa6da77fee733d886b673e76baf181cad0121a

  • SSDEEP

    6144:YLFgFJLgGm8n3/tz7DXguqwlfmby8RAGu6l0ZFrjaA2SykDPvPXq4BhUnhxJ8qTZ:Yhkn3lz7DwCfmNDu6l0ZFINRshUhgYU

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bnj6

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
