General

  • Target: 5a47950132678e19a66917cad9b737d5
  • Size: 944KB
  • Sample: 231222-dwyrjscde6
  • MD5: 5a47950132678e19a66917cad9b737d5
  • SHA1: d688a1a5727f17994f53e4563bbf2b0fb434b98d
  • SHA256: 90b07e53e3463c6170b043cca6e2dca574a74dc5ab40a853fa7e431de993702f
  • SHA512: 2a8af1d15caa794f230022b9ee19a6b8b20c555fa67bbf344549dfbe4f3e1deeba73c8bfdb4cb18463bca6a6247a8840688f474cdb665ed1d7c24499460f2a21
  • SSDEEP: 12288:UGO3+VUPObK1Cnf2VtYLrlz1+e+9wOM+BZbaQe2m+0hr8fPSOtA9qIt9VjW:mHwlqwOM+B4J2m+A8Ltm3VjW

Score
10/10

Malware Config

Extracted

Family: xloader

Version: 2.3

Campaign: xcgs

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks