General

  • Target: 3dd87d18a1e0e5d97de8b77458d18f74
  • Size: 960KB
  • Sample: 231225-1gsnbafhb2
  • MD5: 3dd87d18a1e0e5d97de8b77458d18f74
  • SHA1: ab1538aa18a14156ac7e20bba7329bac26216745
  • SHA256: d050c9c41083b76f378f09e9c5394cfef4a18d7de11a87720b2e5e3cf704330b
  • SHA512: d0dd1b6e6acded09d8783389a5fab9e503cd37ac4759fd3b1f714ff1d103ee858d43dc558503545b6e5a2545383ba47ed91b44953207107b616a79ae30d2fcd2
  • SSDEEP: 12288:swjVeTugZxcBsOido3UR6x+2dXUNbCwpJlpsrYlD3jiIPM++wKlrVMpY1KVRlGkQ:nm9iiBT0XLypNyBLZV

Malware Config

Extracted

Family: xloader
Version: 2.3
Campaign: p6f2

Decoy


Targets

    • Target: 3dd87d18a1e0e5d97de8b77458d18f74

    • Detect ZGRat V1

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks