General

  • Target: e0d5a246fa291e3329c0dec07bacfe4c
  • Size: 735KB
  • Sample: 231222-s8s46adga6
  • MD5: e0d5a246fa291e3329c0dec07bacfe4c
  • SHA1: eb6b702972b2c20cba33c10ffbba9baeb72d686d
  • SHA256: e443d32f3951c6b305181a3b138796147572063566112436c80bf47796a2e132
  • SHA512: cee36d1a25af1b045c9fa71aacdb5b8c337f1af1ea26c45ec035a205f243c84831b8636ee74c80d459a3f5599d2c8c27992f823328a7502a074aee123ed8b660
  • SSDEEP: 12288:FMPQpXYoBho6Cau+xHsCn4zHha013LoF1bJEYNuJeE6OHR93QP4FIUUuRYHro:FMqXFCOxHsI41acUF1V3uJ

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: c8ec
  • Decoy

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
