General

  • Target

    c4033910eaa4944d2c84b15fb964cda9

  • Size

    474KB

  • Sample

    231222-rt8qmadce3

  • MD5

    c4033910eaa4944d2c84b15fb964cda9

  • SHA1

    638909d6c893b58b57e3ce61eaa650628dd42b08

  • SHA256

    d8bbf0c15a39bb1dd36c71177d2e8c5a05b0531bd91c03800b8503dc23f662c7

  • SHA512

    2dd0d33d5385af8f247a308b7adf71144881a34bed6177748b1b101c61fe39ccc63425f8a2efb4beeef28baf55f9e2752240ab24265728de082f5c16a9b7e8a0

  • SSDEEP

    12288:naYamkM7gHD3KTfv7w0YGwiYPlyGmEdtI:aYl/7Ea/D

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

cpa3

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext
