General

  • Target

    19c2392c2e001978c60b57a9b8845f82

  • Size

    493KB

  • Sample

    231224-3htywaefc6

  • MD5

    19c2392c2e001978c60b57a9b8845f82

  • SHA1

    28f30ef8b0c4faaee1ae9a513847951a92ee4c2e

  • SHA256

    e97c9ed01a735584d220b31055326fc67542a655a631ec2f69df688e104cac51

  • SHA512

    e56c0429127cb1eaf95327dfa034560173618bd5718afec8211692d896c76c7dea8b1e3da7ab66fa73aa6e2aa61f4527da02f06e8b776a22d717be29f755ad6b

  • SSDEEP

    6144:ELTfMu1IQfqcviJNnybFrl91IA5HzFkQHk3rUaWWX0Bz4QVSEB23vYl0x8rbev:IfMhQiKCNy11IIHz3Hk7XcTOvYeumv

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

q3t0

Decoy

xn--n8jh0ox33v9th.club

realestateactiongroup.com

theblackcottage.com

iptvfresh.com

firstseviceresidential.com

enhancemarketingsolutions.com

matchawali.com

lockedselfstorage.com

laurencervera.com

waffleicionados.com

ryanplumbingandmechanical.com

mahalabartlemathiassen.com

enter-flowers.com

berlinclick.com

pop.direct

dangeranimalsfounded.press

sweetwhiskerscreamery.com

acaciamultimedia.com

thejoyfulmark.com

bspceducation.com
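
The extracted config above is only useful once it is turned into records an analyst can act on, and the 'Decoy' label matters: Formbook/Xloader contacts decoy sites alongside its real command-and-control server so that the list cannot simply be blocked. The following script is an added example, not part of the sandbox report. It parses the report's heading/value layout (REPORT_CONFIG is a constructed copy carrying three of the decoys), sanity-checks the published hashes, emits IOC records in a layout assumed for this example, and verifies a file against all listed digests at once.

```python
"""Parse the sandbox report's hash and 'Malware Config' blocks into IOCs.

Added example; it is not part of the sandbox report.  REPORT_CONFIG is a
constructed copy of the report's own key/value text (three of the decoys
shown); the IOC record layout is an assumption made for this example.
"""
import hashlib
import re

REPORT_HASHES = {  # copied from the report's General section
    "MD5": "19c2392c2e001978c60b57a9b8845f82",
    "SHA1": "28f30ef8b0c4faaee1ae9a513847951a92ee4c2e",
    "SHA256": "e97c9ed01a735584d220b31055326fc67542a655a631ec2f69df688e104cac51",
}

REPORT_CONFIG = """\
Family

xloader

Version

2.3

Campaign

q3t0

Decoy

xn--n8jh0ox33v9th.club

realestateactiongroup.com

theblackcottage.com
"""

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def check_hashes(hashes):
    """Return a list of problems with the report's hash values (empty if clean):
    each must be lowercase hex of the length its algorithm produces."""
    problems = []
    for algo, value in hashes.items():
        if algo not in HEX_LEN:
            problems.append(f"{algo}: unknown algorithm")
        elif len(value) != HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", value):
            problems.append(f"{algo}: expected {HEX_LEN[algo]} lowercase hex chars")
    return problems


def parse_config(text):
    """Parse the report's 'Heading / blank / value' layout.  A line equal to a
    known heading switches keys; every other non-empty line is a value for
    the current key.  Decoy values are validated as DNS names so stray page
    text never ends up in the IOC list (punycode labels such as xn-- pass)."""
    headings = {"Family", "Version", "Campaign", "Decoy"}
    cfg = {"family": None, "version": None, "campaign": None, "decoys": []}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in headings:
            key = line.lower()
        elif key == "decoy":
            if DOMAIN_RE.match(line):
                cfg["decoys"].append(line)
        elif key:
            cfg[key] = line
    return cfg


def build_iocs(hashes, cfg):
    """Emit IOC records.  File hashes are high-confidence.  The config's
    domains are tagged low confidence and 'hunt', not 'block': the report
    labels them decoys, and Formbook/Xloader contacts decoy sites alongside
    its real C2 precisely so that the list cannot serve as a blocklist."""
    tag = f"{cfg['family']}/{cfg['version']}/{cfg['campaign']}"
    iocs = [{"type": algo.lower(), "value": v, "confidence": "high",
             "action": "block", "tag": tag} for algo, v in hashes.items()]
    iocs += [{"type": "domain", "value": d, "confidence": "low",
              "action": "hunt", "tag": tag} for d in cfg["decoys"]]
    return iocs


def matches_sample(data, hashes=REPORT_HASHES):
    """True if `data` is the reported sample: every listed digest must match,
    so a single mistyped (or colliding) hash cannot produce a false positive."""
    computed = {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }
    return all(computed[a] == h for a, h in hashes.items() if a in computed)


if __name__ == "__main__":
    assert not check_hashes(REPORT_HASHES)
    for ioc in build_iocs(REPORT_HASHES, parse_config(REPORT_CONFIG)):
        print(ioc)
    print(matches_sample(b"not the sample"))  # constructed input, not the sample
```

Run it as-is to see the records; point `matches_sample` at the bytes of a quarantined file to confirm it is this exact sample before pushing the hash IOCs to a blocklist.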

Targets

    • Target

      19c2392c2e001978c60b57a9b8845f82

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites a thread's saved register state. Injection techniques such as process hollowing use it to point a suspended thread at injected code before ResumeThread, which is why sandboxes flag the call.
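
On its own a SetThreadContext call is ambiguous (debuggers use it legitimately); what makes it suspicious is the surrounding chain. The detector below is an added example, not part of the sandbox report or its signature engine. It walks a per-process API trace and reports a caller only when it creates a child suspended, writes into it, rewrites a thread context there, and resumes it, in that order. The trace lines and their `pid api key=value` layout are constructed for this example; the report does not publish its API log.

```python
"""Flag the process-hollowing call chain behind a 'Suspicious use of
SetThreadContext' verdict in a per-process API trace.

Added example, not part of the sandbox report.  TRACE and its
'callerpid api key=value ...' layout are constructed for this example.
"""
import re
from collections import defaultdict

TRACE = """\
4012 CreateProcessW "C:\\Windows\\System32\\svchost.exe" flags=0x4 childpid=5080
4012 NtUnmapViewOfSection pid=5080
4012 VirtualAllocEx pid=5080 size=0x7a000 protect=PAGE_EXECUTE_READWRITE
4012 WriteProcessMemory pid=5080 size=0x7a000
4012 SetThreadContext pid=5080 tid=5084
4012 ResumeThread pid=5080 tid=5084
4500 CreateProcessW "C:\\Tools\\worker.exe" flags=0x4 childpid=4520
4500 ResumeThread pid=4520 tid=4524
6100 CreateProcessW "C:\\Program Files\\App\\helper.exe" flags=0x0 childpid=6120
6100 SetThreadContext pid=6100 tid=6132
"""

LINE_RE = re.compile(r"^(?P<caller>\d+) (?P<api>\w+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(0x[0-9a-fA-F]+|\d+|\w+)")
CREATE_SUSPENDED = 0x4
# The chain must be completed against the suspended child, in this order.
STAGES = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def parse_line(line):
    """Split one trace line into (caller pid, api name, {arg: value}).
    Hex and decimal arguments become ints; everything else stays a string."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = {}
    for k, v in KV_RE.findall(m["rest"]):
        args[k] = int(v, 0) if v.startswith("0x") or v.isdigit() else v
    return m["caller"], m["api"], args


def detect_hollowing(trace):
    """Return [(caller pid, child pid)] for every child that was created
    suspended by the caller and then written to, had a thread context set,
    and was resumed by that same caller.  A suspended create followed only by
    ResumeThread (launchers do this) or a SetThreadContext on a process that
    was never created suspended does not fire."""
    suspended = {}            # child pid -> creator pid
    stage = defaultdict(int)  # child pid -> number of STAGES completed
    hits = []
    for line in trace.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        caller, api, args = parsed
        if api == "CreateProcessW" and args.get("flags", 0) & CREATE_SUSPENDED:
            suspended[args["childpid"]] = caller
            continue
        target = args.get("pid")
        if (target in suspended and suspended[target] == caller
                and stage[target] < len(STAGES) and api == STAGES[stage[target]]):
            stage[target] += 1
            if stage[target] == len(STAGES):
                hits.append((int(caller), target))
    return hits


if __name__ == "__main__":
    print(detect_hollowing(TRACE))  # [(4012, 5080)]
```

The order check is what keeps the false-positive rate down: only a caller that writes into a child it suspended and then redirects and resumes it matches, so a debugger or a launcher that merely resumes a suspended child is left alone.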
