General

  • Target

    a2cebc4a1dc8989cbec53ac348866b59

  • Size

    500KB

  • Sample

    231222-qps9psbcb7

  • MD5

    a2cebc4a1dc8989cbec53ac348866b59

  • SHA1

    93cc571ea09625a12c7da7b6ef47a09fd65e77d7

  • SHA256

    92b63a5285922768116dcbfffaf17b9f181b7a9e9aebccb57f6ec6aa58e7442e

  • SHA512

    992d2eff05751e24ba1add7f808c0b55056a83efdc37a626742c0c131f9fb6872a4ec4f80bd5d404c8bf19357ae4d54b5014dc0cfabf75d373f4af6057709f25

  • SSDEEP

    12288:Ca51ILoLUY4XY/lT2uZA2PiALOSU4x7Rfm+UF3:Ca5Z4ulT2uNPii3DR8
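
The SSDEEP value above is a context-triggered piecewise hash, so unlike the MD5/SHA values it can be compared with the SSDEEP of other samples to find likely variants of the same build. The pure-Python comparison below is an added example, not part of this report or of any sandbox's code; it follows the scoring of the public ssdeep implementation (a common 7-character window is required, runs of more than three identical characters are collapsed, the edit distance with substitution cost 2 is scaled to 0..100, and block sizes are comparable only when equal or differing by a factor of two). The report's hash is real; NEARBY_SSDEEP and UNRELATED_SSDEEP are constructed for the demonstration and are not hashes of real files.

```python
"""Pure-Python parser and comparison for ssdeep (CTPH) signatures.

Added example: reimplements the comparison half of the published ssdeep
algorithm so the report's SSDEEP value can be scored against other samples
without the ssdeep library.  REPORT_SSDEEP is taken from the report; the
other two signatures are constructed for the demonstration.
"""
from dataclasses import dataclass

SPAMSUM_LENGTH = 64   # maximum chunk length in a signature
MIN_BLOCKSIZE = 3
ROLLING_WINDOW = 7    # a match needs at least one common 7-gram

REPORT_SSDEEP = "12288:Ca51ILoLUY4XY/lT2uZA2PiALOSU4x7Rfm+UF3:Ca5Z4ulT2uNPii3DR8"
# Constructed, not real samples: a few extra bytes appended to each chunk ...
NEARBY_SSDEEP = "12288:Ca51ILoLUY4XY/lT2uZA2PiALOSU4x7Rfm+UF3XXXXXX:Ca5Z4ulT2uNPii3DR8QQQQ"
# ... and a signature whose block size differs by more than a factor of two.
UNRELATED_SSDEEP = "3072:abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOP"


@dataclass(frozen=True)
class Ssdeep:
    block_size: int
    chunk1: str   # signature computed at block_size
    chunk2: str   # signature computed at 2 * block_size


def _eliminate_sequences(s: str) -> str:
    """Collapse runs of more than three identical characters to three;
    they carry almost no information and would inflate 7-gram matches."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def parse_ssdeep(sig: str) -> Ssdeep:
    """Parse 'blocksize:chunk1:chunk2[,"filename"]' as printed by ssdeep."""
    parts = sig.split(":", 2)
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"malformed ssdeep signature: {sig!r}")
    chunk2 = parts[2].split(",", 1)[0]   # drop the optional ,"filename" suffix
    return Ssdeep(int(parts[0]),
                  _eliminate_sequences(parts[1]),
                  _eliminate_sequences(chunk2))


def _has_common_substring(a: str, b: str) -> bool:
    """True if the chunks share at least one ROLLING_WINDOW-character substring."""
    if len(a) < ROLLING_WINDOW or len(b) < ROLLING_WINDOW:
        return False
    grams = {a[i:i + ROLLING_WINDOW] for i in range(len(a) - ROLLING_WINDOW + 1)}
    return any(b[i:i + ROLLING_WINDOW] in grams
               for i in range(len(b) - ROLLING_WINDOW + 1))


def _edit_distance(a: str, b: str) -> int:
    """Edit distance with insert/delete cost 1 and substitution cost 2 (ssdeep's edit_distn)."""
    prev = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i]
        for j in range(1, len(b) + 1):
            sub = prev[j - 1] + (0 if a[i - 1] == b[j - 1] else 2)
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, sub))
        prev = cur
    return prev[-1]


def _score_chunks(a: str, b: str, block_size: int) -> int:
    """Score two chunks computed at the same block size on a 0..100 scale."""
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH:
        return 0
    if not _has_common_substring(a, b):
        return 0
    score = _edit_distance(a, b)
    score = (score * SPAMSUM_LENGTH) // (len(a) + len(b))   # proportion changed, 0..64
    score = (100 * score) // SPAMSUM_LENGTH                 # rescale to 0..100
    if score >= 100:
        return 0
    score = 100 - score                                     # 100 means identical
    # Small block sizes must not exaggerate a match; cap the score there.
    if block_size >= (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE // ROLLING_WINDOW:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))


def compare(sig1: str, sig2: str) -> int:
    """Return the ssdeep similarity (0..100); 0 when the signatures are not comparable."""
    h1, h2 = parse_ssdeep(sig1), parse_ssdeep(sig2)
    if h1 == h2:
        return 100
    if h1.block_size == h2.block_size:
        return max(_score_chunks(h1.chunk1, h2.chunk1, h1.block_size),
                   _score_chunks(h1.chunk2, h2.chunk2, h1.block_size * 2))
    if h1.block_size * 2 == h2.block_size:      # h1's coarse chunk vs h2's fine chunk
        return _score_chunks(h1.chunk2, h2.chunk1, h2.block_size)
    if h2.block_size * 2 == h1.block_size:
        return _score_chunks(h1.chunk1, h2.chunk2, h1.block_size)
    return 0   # block sizes differ by more than a factor of two


if __name__ == "__main__":
    for name, sig in (("self", REPORT_SSDEEP), ("nearby", NEARBY_SSDEEP),
                      ("unrelated", UNRELATED_SSDEEP)):
        print(f"{name:>9}: {compare(REPORT_SSDEEP, sig)}")
```

A score of 0 means the two signatures are not comparable (block sizes too far apart) or share no 7-character window; it does not prove the files are unrelated, and a high score indicates a closely related build rather than the same file. Exact identity is still established by the SHA256.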

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u6f4

Decoy (domains carried in the configuration as decoys; they are mostly legitimate sites, so treat them as context for the sample rather than as C2 indicators to block)

cleverokids.site

thecannabisawards.vegas

shopbelleofthebarns.com

digitalizamimundo.com

surschool.com

lowbrowprintshop.com

gx17.net

transformafter50.info

lilygildersguild.com

hubcitypaving.com

safemarketingagency.net

suka-cbd.com

leseditionstadine.com

affreciea.com

lamozi.com

csliu.com

drgustavoamadorotorrino.com

trimatrik.digital

diamondtoolz.net

lumerianpriestess.com

Targets

    • Target

      a2cebc4a1dc8989cbec53ac348866b59

    • Size

      500KB

    • MD5

      a2cebc4a1dc8989cbec53ac348866b59

    • SHA1

      93cc571ea09625a12c7da7b6ef47a09fd65e77d7

    • SHA256

      92b63a5285922768116dcbfffaf17b9f181b7a9e9aebccb57f6ec6aa58e7442e

    • SHA512

      992d2eff05751e24ba1add7f808c0b55056a83efdc37a626742c0c131f9fb6872a4ec4f80bd5d404c8bf19357ae4d54b5014dc0cfabf75d373f4af6057709f25

    • SSDEEP

      12288:Ca51ILoLUY4XY/lT2uZA2PiALOSU4x7Rfm+UF3:Ca5Z4ulT2uNPii3DR8

    • Detect ZGRat V1

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Xloader payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites the register state of another thread; malware uses it to redirect a suspended or hollowed process into injected code.

MITRE ATT&CK Enterprise v15

Tasks