General

  • Target

    a51f4194b7b616ec6d397bf5851d293d

  • Size

    466KB

  • Sample

    231222-qszkwshfcq

  • MD5

    a51f4194b7b616ec6d397bf5851d293d

  • SHA1

    c7aa4b6d0c29f9e3a26627d17938a73d6445c695

  • SHA256

    732c044639713a301c63669f5284e0f23813d57f02c5719b021305aeb8933a58

  • SHA512

    29614ef9692bbb72123c11f82e93d6405bae8555e71e220b62e6c4a262c0874191e3d6f47e7a22ba35741f364c964e1c15c5d13b2f0ed33c390c2dcfa8f7af2d

  • SSDEEP

    12288:pWLZ5cHrAnucAXtiZHjeEDnCUXOcZwAbOCD7OfAYVC9:pZcu1X0njwy/

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    gm9w

  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext