General

  • Target

    a981d86b14c7730a21e3e65ee82bfa68

  • Size

    635KB

  • Sample

    231222-qyqj6sdca3

  • MD5

    a981d86b14c7730a21e3e65ee82bfa68

  • SHA1

    cc4d604c0a770e11eb2e96721266db67806482ab

  • SHA256

    64d594586df187a418067a8f90f57244a543f2a32c5736412b89348254de84cb

  • SHA512

    fd01d79a92cbf695081f088b89cadf180405c768e67409e09941b28df6cfef88cb5e62f1cd84419f58e9513b517c728c789ed79d15c8e4a13cb00ca643bbad6f

  • SSDEEP

    12288:oLh4i8ZubYVOwFG1iRg38negOiV7V381YyMOkypdJXizVtS9VzYJNRajt:oLh4jZVOwFG1IegOat815M6ijK8JqR

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n3kw

Decoy

Domains the sample contacts alongside its real C2 so that the true server is disguised among ordinary-looking traffic. Xloader/Formbook beacons to a changing subset of these per run, and many of them are legitimate registered sites, so one resolution is weak evidence on its own; several from the same host in a short span is a strong one.

putrevus.com

tournamentworldofwar.com

motus-ekilibres.com

maendeltechnologies.com

thedelegationdare.com

pghatour.com

atjservice.com

wellbeingsecret.com

pollender.com

thehiddenstoryinamerica.com

abbasi-technology.com

rais5-hay5f.com

glenngrimes.com

jpmoovers.com

deliveringgreen.com

megatamapm.com

padrao-autoescola.com

mgmbu.com

cupacana.com

folcroftpa.net
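A hunt over DNS query logs for the decoy set listed above, as an added example that is not part of the sandbox report. It flags a host only when it resolves several different decoy domains inside a short window, which is the pattern the beaconing produces; the log format parsed here (ISO timestamp, client IP, queried name) is a constructed simplification, and the sample lines are constructed.

```python
"""Hunt DNS query logs for the decoy-domain set extracted above.

Added example, not part of the sandbox report. Xloader/Formbook beacons to a
changing subset of its configured decoy domains alongside the real C2, so one
host resolving several of them within a short window is a far stronger signal
than any single domain (many decoys are legitimate sites). The log format
parsed here ('<ISO timestamp> <client> <qname>', space separated) is a
constructed simplification; adapt parse_line() to your resolver's format.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Optional

# Decoy domains exactly as listed in the extracted config (campaign n3kw).
DECOY_DOMAINS = frozenset({
    "putrevus.com", "tournamentworldofwar.com", "motus-ekilibres.com",
    "maendeltechnologies.com", "thedelegationdare.com", "pghatour.com",
    "atjservice.com", "wellbeingsecret.com", "pollender.com",
    "thehiddenstoryinamerica.com", "abbasi-technology.com", "rais5-hay5f.com",
    "glenngrimes.com", "jpmoovers.com", "deliveringgreen.com", "megatamapm.com",
    "padrao-autoescola.com", "mgmbu.com", "cupacana.com", "folcroftpa.net",
})


def matched_decoy(qname: str) -> Optional[str]:
    """Return the decoy domain that qname equals or is a subdomain of, else None.

    Formbook-family beacons go to www.<decoy>/<path>, so parent-domain
    matching, not exact matching, is what catches them."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def parse_line(line: str):
    """Parse one constructed log line: '<ISO timestamp> <client> <qname>'."""
    ts, client, qname = line.split()
    return datetime.fromisoformat(ts), client, qname


def hunt(lines, min_distinct=3, window=timedelta(minutes=10)):
    """Return {client: sorted decoys seen} for every client that queried at
    least min_distinct different decoy domains inside some window-long span."""
    events = defaultdict(list)  # client -> [(timestamp, decoy domain)]
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname = parse_line(line)
        hit = matched_decoy(qname)
        if hit:
            events[client].append((ts, hit))
    flagged = {}
    for client, hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            in_window = {d for t, d in hits[i:] if t - start <= window}
            if len(in_window) >= min_distinct:
                flagged[client] = sorted({d for _, d in hits})
                break
    return flagged


# Constructed sample log: 10.0.0.12 shows the burst pattern, 10.0.0.30 touches
# two decoys hours apart (plausible for a user browsing legitimate sites).
SAMPLE_LOG = """\
2023-12-22T13:41:02 10.0.0.12 www.pghatour.com
2023-12-22T13:41:03 10.0.0.12 www.cupacana.com
2023-12-22T13:41:05 10.0.0.12 www.mgmbu.com
2023-12-22T13:41:07 10.0.0.12 login.microsoftonline.com
2023-12-22T13:55:10 10.0.0.30 www.glenngrimes.com
2023-12-22T15:20:00 10.0.0.30 www.pollender.com
"""

if __name__ == "__main__":
    for client, decoys in hunt(SAMPLE_LOG.splitlines()).items():
        print(f"{client}: {len(decoys)} decoy domains -> {', '.join(decoys)}")
```

The threshold and window are tuning knobs: three distinct decoys in ten minutes is conservative for this family's beacon cadence, and lowering `min_distinct` to 1 turns the hunt into a plain blocklist match with a correspondingly higher false-positive rate.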

Targets

    • Target

      PVCbiDUqly50DqS.exe

    • Size

      771KB

    • MD5

      b4f426aa910fd0d3b27e58efe4c1fa14

    • SHA1

      28c66fa701f21ff2cc2783cc48d2c6e740325f4f

    • SHA256

      ec6ee5937a5bf35fda23604425a63d39c3c710d8608a174ea5e7fc3dbdc94a2c

    • SHA512

      2bbdab6fca0e219fa4f4dc0d6a91487f633311f8f7b65eed5dd0efec02d9dce8d3be983e87218741c50a45ef60d3f8b1cb6bbe7d7085b95465c9b25e02849906

    • SSDEEP

      12288:7tFahC7OK89lkciw7MzYEOpBct7WVUnt:7yhC7OP9lJ79EccdDt

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer (browser form grabbing, credential theft and keylogging), sold as malware-as-a-service; the core behaviour and configuration layout carry over from Formbook.

    • Xloader payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the payload does not run on machines in certain locales.

    • Deletes itself

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the hallmark of process hollowing and related injection techniques: the payload is written into a suspended process and the thread's instruction pointer is redirected to it before the thread resumes.
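A check of a file on disk against the hashes and sizes recorded above for the top-level sample and for PVCbiDUqly50DqS.exe, as an added example that is not part of the sandbox report. It hashes the file in one pass and then confirms every digest and the size agree with the matched entry, so a mislabelled or truncated copy is reported rather than trusted on a single matching hash; the only assumption is that the report's displayed sizes are rounded to whole kilobytes.

```python
"""Check a file against the hashes and sizes recorded in this report.

Added example, not part of the sandbox report. It reads the file once,
updating MD5, SHA-1, SHA-256 and SHA-512 together (ssdeep is omitted; it
needs a third-party module), looks the SHA-256 up in the report table and
then confirms that every other digest and the size agree, so a mislabelled
or truncated copy is reported instead of being trusted on one matching hash.
"""
import hashlib
import io

HASH_NAMES = ("md5", "sha1", "sha256", "sha512")

# Copied from the report. Sizes are as displayed there (whole kilobytes), so
# the size check below allows 1 KB of rounding slack (assumption).
REPORT = {
    "a981d86b14c7730a21e3e65ee82bfa68": {  # top-level sample, named by its MD5
        "size_kb": 635,
        "md5": "a981d86b14c7730a21e3e65ee82bfa68",
        "sha1": "cc4d604c0a770e11eb2e96721266db67806482ab",
        "sha256": "64d594586df187a418067a8f90f57244a543f2a32c5736412b89348254de84cb",
        "sha512": "fd01d79a92cbf695081f088b89cadf180405c768e67409e09941b28df6cfef88"
                  "cb5e62f1cd84419f58e9513b517c728c789ed79d15c8e4a13cb00ca643bbad6f",
    },
    "PVCbiDUqly50DqS.exe": {  # extracted target
        "size_kb": 771,
        "md5": "b4f426aa910fd0d3b27e58efe4c1fa14",
        "sha1": "28c66fa701f21ff2cc2783cc48d2c6e740325f4f",
        "sha256": "ec6ee5937a5bf35fda23604425a63d39c3c710d8608a174ea5e7fc3dbdc94a2c",
        "sha512": "2bbdab6fca0e219fa4f4dc0d6a91487f633311f8f7b65eed5dd0efec02d9dce8"
                  "d3be983e87218741c50a45ef60d3f8b1cb6bbe7d7085b95465c9b25e02849906",
    },
}


def digest_stream(stream, chunk_size=1 << 20):
    """Single pass over a binary stream; returns all digests plus size in KB."""
    hashes = {name: hashlib.new(name) for name in HASH_NAMES}
    size = 0
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        size += len(chunk)
        for h in hashes.values():
            h.update(chunk)
    observed = {name: h.hexdigest() for name, h in hashes.items()}
    observed["size_kb"] = round(size / 1024)
    return observed


def digest_file(path):
    with open(path, "rb") as f:
        return digest_stream(f)


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def check(observed, report=REPORT):
    """Return (entry_name, mismatches).

    entry_name is the report entry whose SHA-256 equals the observed one (None
    if nothing matches); mismatches lists the other fields that disagree with
    that entry, which should be empty for a faithful copy of the sample."""
    for name, entry in report.items():
        if entry["sha256"] != observed["sha256"]:
            continue
        mismatches = [h for h in ("md5", "sha1", "sha512") if entry[h] != observed[h]]
        if abs(entry["size_kb"] - observed["size_kb"]) > 1:
            mismatches.append("size_kb")
        return name, mismatches
    return None, []


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        name, bad = check(digest_file(path))
        if name is None:
            print(f"{path}: no SHA-256 match in report")
        elif bad:
            print(f"{path}: SHA-256 matches {name} but {', '.join(bad)} disagree")
        else:
            print(f"{path}: matches report entry {name}")
```

Run it with the candidate file paths as arguments. A SHA-256 match with a disagreeing MD5 or SHA-1 would point at a transcription error in whichever indicator list was copied, which is worth knowing before those hashes go into a blocklist.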

MITRE ATT&CK Enterprise v15

Tasks