General

  • Target: 77ad1e2d8eecc4b9fe0f036818fafe2f
  • Size: 474KB
  • Sample: 231222-hztn8adeb5
  • MD5: 77ad1e2d8eecc4b9fe0f036818fafe2f
  • SHA1: 24fd589b758383083843d8032105a0a18a94b25d
  • SHA256: 3d4b432712ac01be58e82e629f8f19755a44e7c0de7f54b5699e9e496e5dc55e
  • SHA512: 65574ce4fd3229d58921fd5810d2be711d7c789438634edaf63f54bcd3f6f4efb69916a866efac939afd1a24eae2982dd647b9654563402f24672467be68a3f9
  • SSDEEP: 12288:vIItGLL/AgOaBT44WbJYHxgrJ/9sWieIuGxGG:vjUtOM4BbaHGr5

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: m64e
  • Decoy

Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
