General

  • Target: 2eb5bf80cdc59c337e376209055af5f1
  • Size: 710KB
  • Sample: 231222-aan4fafea8
  • MD5: 2eb5bf80cdc59c337e376209055af5f1
  • SHA1: 560bcc3eb854829ba07be27f45ff8b2fd38c7d4f
  • SHA256: 5a20c927d90cbf52135fa064973a734e9107e17195bc8a2137e357ab0a2d6696
  • SHA512: 1f0991e6c1924964cec68a47d0a72ce105c05c33ead8efeed67abce76bd8469e02b02b91ece55af0ab87c799a294f06410756be888d3b0edda226e0b84cd0e10
  • SSDEEP: 6144:R1BDD3t3vEoRG1FJLgGzwylFMUwm+E8AvSGXfA6vzfX9fygWprlXbN0E+4WzFbu+:R1BDDdx47KUwm+nmSsjXpuprlrCvb

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: zrmt
  • Decoy:
      wesmerecountryclub.com
      wisdomlenstransmedia.info
      ostethy.com
      zhclgm.com
      rafiten.com
      miteccloud.com
      collagen6.com
      94chuyu.com
      coffeeandsupplycompany.com
      siestone.com
      salonandspaexperts.com
      irnefzo.info
      playback-theatre.com
      ecomportableph.com
      parkplatinum.com
      1963tc.com
      zaubers.com
      getfitnesssupplement.com
      lossolesmarketing.com
      blueprintartco.com

Targets

    • Target: 2eb5bf80cdc59c337e376209055af5f1
    • Size: 710KB
    • MD5: 2eb5bf80cdc59c337e376209055af5f1
    • SHA1: 560bcc3eb854829ba07be27f45ff8b2fd38c7d4f
    • SHA256: 5a20c927d90cbf52135fa064973a734e9107e17195bc8a2137e357ab0a2d6696
    • SHA512: 1f0991e6c1924964cec68a47d0a72ce105c05c33ead8efeed67abce76bd8469e02b02b91ece55af0ab87c799a294f06410756be888d3b0edda226e0b84cd0e10
    • SSDEEP: 6144:R1BDD3t3vEoRG1FJLgGzwylFMUwm+E8AvSGXfA6vzfX9fygWprlXbN0E+4WzFbu+:R1BDDdx47KUwm+nmSsjXpuprlrCvb

    Score: 10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks