General

  • Target

    f0ae0f0feaeb067f30f47c0d7ff7e9d0

  • Size

    537KB

  • Sample

    231222-tza3nagbbr

  • MD5

    f0ae0f0feaeb067f30f47c0d7ff7e9d0

  • SHA1

    960294628e7bb6dfd72fde0c00e7b8dce054a668

  • SHA256

    8beb84f2c9260feaeda5fdb9b000124a43b226689d90a396fd1ce12d15765017

  • SHA512

    77ee07450bcf4d2065a0e4de78cc4951a6156d7ae75cd6b7cc14b9dd60eb08823ea4bf3fc055e691daf58ae3cdf7b08102c9d4e5e5f8f1becca94570b9d2bf3e

  • SSDEEP

    6144:Sbxs+ltPi0ARs8UgUea5+suNaF+PWO94:0sA6d68UgTa5+FE+PWn

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    vc20

  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15