General

  • Target: 334460d698cdbf4392bf9ca62c7a07c5
  • Size: 729KB
  • Sample: 231222-akf6ksggd4
  • MD5: 334460d698cdbf4392bf9ca62c7a07c5
  • SHA1: 225f1f70f2a691bbfa47d02650970c7a027eb42f
  • SHA256: 0a85f48737cb7d1cf31f03acb3bbcd0e0a8ea4b46bdc29a5efaf2052185048bc
  • SHA512: 58b23cc7c686bdd206583401ff3b703557e67be9b9735ec8fc056d7a8082c9bf6eb9a1d818176d1223761b507f374003266a5f4ee4ec8474310aa9aa9899bb30
  • SSDEEP: 12288:0ilO3+VUPObK1Cnf2VtYLrlz1+e+MntqpKczoHbq1guZocp6MMlDD:kHwlfnUgccHaqcpK

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: c8ec

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
