General

  • Target

    163273142f825c00083210241a47baa5

  • Size

    702KB

  • Sample

    231224-2jcwbaffh9

  • MD5

    163273142f825c00083210241a47baa5

  • SHA1

    aac6c50cb05df0da5ff9f9bcbbd57afddadd8e48

  • SHA256

    eaf0f5b706bfe873d85287706d0a41d55e493d90e19400194c3a3a8060bb8c3c

  • SHA512

    e8bc3ebcc8cc64c64f242e5ed56f21b581c2c4932dc7472b8e0fadd985c7f66f78a4d3b2956dc54dd741b7b1717552d6e1f1a429fbb0089a428029f3603eb650

  • SSDEEP

    12288:plFPU9bPU9+n8U/UUX9OsBgo0q4wMjTgVJ4Iq/5bHzTkL5HxlkszrPc0x0haLP+:plaX9OsBgo0q4wMj0VJ4Iq/9TGHfdL

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

y66u

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks