General

  • Target

    3aa0c43954cf45583d1bc68bbaf40a92

  • Size

    780KB

  • Sample

    231222-a2j9kaahe4

  • MD5

    3aa0c43954cf45583d1bc68bbaf40a92

  • SHA1

    eb552ce94df0f0169ad167574780c1fc8727373f

  • SHA256

    8b009c3f329db21487973a3874ecfa07cbbcba927eed6cda99292bce4d667828

  • SHA512

    fec662167e811bcc0a166bb11e6fdb66dd08dd0ccca31fa3d6c299f2dcc8860643ff0e3190005a9a9a0802ae9f3a7d3ceb9e57c739d7183202431807fa0dded1

  • SSDEEP

    12288:L61JRVa2VK346Tv7VlCkU8UXseMgGCo1FRmp9j2q2TNaMB2UIK0KtvA0zTNO:L61J625avC58UXv+C8

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    amb4

  • Decoy

    plingsiranesiji.xyz
    zoomgraduations.com
    lyseplenery.com
    phi-cargo.com
    pentagonconveyors.com
    browznbeautystudio.com
    egesinema.com
    f3aacademy.com
    ormanurunlerirehberi.com
    tigaspace.com
    ptlcoin.com
    adomyinfopay.com
    saudivitality.com
    yeezyshoesoutlet.com
    conanbiopharma.com
    91war.com
    kyagrace.com
    recargasdimasff.com
    dgboutiques.com
    ixiangzu.com

Targets

    • Target

      3aa0c43954cf45583d1bc68bbaf40a92

    • Size

      780KB

    • MD5

      3aa0c43954cf45583d1bc68bbaf40a92

    • SHA1

      eb552ce94df0f0169ad167574780c1fc8727373f

    • SHA256

      8b009c3f329db21487973a3874ecfa07cbbcba927eed6cda99292bce4d667828

    • SHA512

      fec662167e811bcc0a166bb11e6fdb66dd08dd0ccca31fa3d6c299f2dcc8860643ff0e3190005a9a9a0802ae9f3a7d3ceb9e57c739d7183202431807fa0dded1

    • SSDEEP

      12288:L61JRVa2VK346Tv7VlCkU8UXseMgGCo1FRmp9j2q2TNaMB2UIK0KtvA0zTNO:L61J625avC58UXv+C8

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks