General

  • Target

    35ffee4482ae6ca8ce58f107fbb259c3

  • Size

    855KB

  • Sample

    231222-aqsrkahfa9

  • MD5

    35ffee4482ae6ca8ce58f107fbb259c3

  • SHA1

    f0f23a397bad7d097a605777d66eac69fe8f6317

  • SHA256

    8b3535f44d1b9df9297fb95f8071f8488ca55c7511472b597942c779b400dbb9

  • SHA512

    49313b96dfaab33375e868621acfc3c6e13feef4d02b1f771cb15ccc42dcb26e1b7239a5cf83aae9420e9858df111ad15ca38dca7657aff74b96ee2f235b52e0

  • SSDEEP

    12288:mobXmKDFsGOSB/OVnS0N4Hv3BEsD94fRRvBxXlqpA:Hq4mGOITi4PBEGoRdBbqp

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

nthe

Decoy

omelhorcurso-online.com

ttjk020.com

urfavvpimp.com

touchmytag.com

allianzbersamamu.com

menucoders.com

goldmig.com

optplm.com

ramblersattic.com

thehendrixcollection.com

angelsmoonsexshop.com

indianajones.club

tageslinsen.info

thscore2.com

onpar-golf.com

youcanaskmeto.review

overseaexpert.com

1977991.com

eurolajd.com

thefoxshack.com
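Xloader, like Formbook before it, cycles through the listed decoy domains alongside its real C2, so every domain above is an indicator, but a lone hit on one of them is weak evidence (many decoys are ordinary live sites). The campaign id (`nthe`) appearing as a path segment in the request is the stronger signal. The script below is an added example, not part of this report or of any sandbox tooling: it loads the extracted config, hunts constructed proxy-log lines for the decoy domains, flags requests whose path starts with `/<campaign>/` (a commonly reported Formbook/Xloader beacon pattern, assumed here rather than taken from the page), and emits Suricata DNS rules for the domain list. The log format, the sample log lines and the SID range are my assumptions.

```python
"""Hunt proxy logs for the Xloader config extracted in this report (added example)."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Values copied from the report's "Malware Config" section.
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.3",
    "campaign": "nthe",
    "decoy": [
        "omelhorcurso-online.com", "ttjk020.com", "urfavvpimp.com", "touchmytag.com",
        "allianzbersamamu.com", "menucoders.com", "goldmig.com", "optplm.com",
        "ramblersattic.com", "thehendrixcollection.com", "angelsmoonsexshop.com",
        "indianajones.club", "tageslinsen.info", "thscore2.com", "onpar-golf.com",
        "youcanaskmeto.review", "overseaexpert.com", "1977991.com", "eurolajd.com",
        "thefoxshack.com",
    ],
}

# Constructed proxy log (not from the report). Format assumed: "<ts> <src> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2023-12-22T10:01:02Z 10.0.0.15 GET http://www.goldmig.com/nthe/?Db=abc123&sql=1 200
2023-12-22T10:01:05Z 10.0.0.15 POST http://onpar-golf.com/nthe/ 200
2023-12-22T10:02:11Z 10.0.0.22 GET https://example.org/index.html 200
2023-12-22T10:03:40Z 10.0.0.31 GET http://thefoxshack.com/ 404
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$")


@dataclass
class Hit:
    line_no: int
    src: str
    host: str
    path: str
    campaign_in_path: bool  # True when the path begins with "/<campaign>/"


def _host_matches(host: str, domain: str) -> bool:
    """Exact or subdomain match, case-insensitive, ignoring a trailing dot."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def hunt(config: dict, log_text: str) -> list[Hit]:
    """Return one Hit per log line whose URL host is in the decoy list."""
    path_re = re.compile(rf"^/{re.escape(config['campaign'])}/")
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        parts = urlsplit(m["url"])
        host = parts.hostname or ""
        for domain in config["decoy"]:
            if _host_matches(host, domain):
                hits.append(Hit(n, m["src"], host, parts.path, bool(path_re.match(parts.path))))
                break
    return hits


def to_suricata(config: dict, base_sid: int) -> list[str]:
    """One DNS-query rule per decoy domain; 'endswith' also catches subdomains."""
    rules = []
    for i, domain in enumerate(config["decoy"]):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"{config["family"]} {config["version"]} '
            f'decoy/C2 domain {domain}"; dns.query; content:"{domain}"; nocase; endswith; '
            f"sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    for h in hunt(XLOADER_CONFIG, SAMPLE_PROXY_LOG):
        strength = "STRONG (campaign id in path)" if h.campaign_in_path else "weak (domain only)"
        print(f"line {h.line_no}: {h.src} -> {h.host}{h.path}  [{strength}]")
    print("\n".join(to_suricata(XLOADER_CONFIG, 9000000)))
```

Hits that carry the campaign id in the path (lines 1 and 2 of the constructed log) are worth an immediate host triage; a domain-only hit (line 4) should be corroborated with the SHA256 above or the SetThreadContext behaviour noted in the Targets section before escalating.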

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext (thread-context manipulation of the kind used for process hollowing and other code-injection techniques)
