General

  • Target: b67294e81cb5bf9deb94027615130ab9
  • Size: 939KB
  • Sample: 231222-rd4fzahcg7
  • MD5: b67294e81cb5bf9deb94027615130ab9
  • SHA1: b07763bf03f266d7c22a24791bbc3a9599a25f17
  • SHA256: 771d569a1ea9c1f13e9eb1bb3f52033b25a36d4954314d88476fb4ee7a872357
  • SHA512: 113c0f142009a648ab39442ccfcdd9096d123022f840d1057efa8873a11a90515f1cbe26827cb9e5fcc38b41d9418bc89dfb64d362a856147c1a1de668c1ea0f
  • SSDEEP: 12288:GxRwxGnIIoF84DtPASSVdYiO5GpS4u6C5oWpf0y3k0Vb/AElj8iDxLBYR1p2Z3+e:9FIEfD0aPjsGTYXV

Score: 10/10

Malware Config

Extracted

Family: xloader

Version: 2.3

Campaign: h388

Decoy:


Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
