General

  • Target: bf5f7b52a6cd8ca2d1708bdda5ba42fc
  • Size: 864KB
  • Sample: 231222-rpzbdshegr
  • MD5: bf5f7b52a6cd8ca2d1708bdda5ba42fc
  • SHA1: 41484fc0a016c73b02efd87e047282439a870732
  • SHA256: 3453e4a7e2515fc0ca1f94a5cc317a018a7935a327d8036ab5f493a5e3552dfe
  • SHA512: f8670b83fd244e4e0f9a43ffd8188b5a52f441f4d0ef485c36037c653c86d3cff0374144c169d8cfd211eae22c02fcac3b76e63893f377783baf8d61f421a285
  • SSDEEP: 12288:a/AbnjpTX4ZTUzSh0itJ9K6FexiyNRt9VjW:a/ijlXpSTVsb3VjW

Score: 10/10

Malware Config (Extracted)

  • Family: xloader
  • Version: 2.3
  • Campaign: xcgs
  • Decoy domains:
    tikpromotions.com
    376roystsw.com
    distillermedia.com
    web-evo.com
    bestvalueit.com
    groabienesraices.com
    wildplukboeken.com
    lfpvcpof.com
    powellmediapartners.com
    xafrique.com
    value-store.net
    plastiserve.net
    thelimitlesslegacy.com
    weifang8.xyz
    yes4smiles.com
    alexumart.com
    foodscapeww.com
    kingjames.plus
    stuffedia.com
    jenericconsulting.com

Targets


    Score: 10/10

    Signatures
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
