General

  • Target: 41a25be792e86680b7a9487f0d31e154
  • Size: 242KB
  • Sample: 231225-2vwskaefa6
  • MD5: 41a25be792e86680b7a9487f0d31e154
  • SHA1: b77411be10f05123fb0174bb015dd07d384a6af0
  • SHA256: ab101d01bcc79b6835eeeae5c3e89b0857fdd3b32e007b15ec5541a5f4aa9e00
  • SHA512: 6bc08f0801d26d4a596074062a90a1398abc085e2af7ad9ab9361184ed18fce86b5f0a11b606097d647ab6bf6072cb344f8936812f575c4668acfd3d3b9b393b
  • SSDEEP: 6144:ALTfHeojRVAU7GM0ITBSFPKm2Ej5GiMa2M8eWdcDssdt:8fHPRuUz0ITBSK1kGQxWCIsz

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: dy8g
  • Decoy domains:
    mzyxi-rkah-y.net
    okinawarongnho.com
    qq66520.com
    nimbus.watch
    cwdelrio.com
    regalshopper.com
    avito-payment.life
    jorgeporcayo.com
    galvinsky.digital
    guys-only.com
    asmfruits-almacenes.com
    boatrace-life04.net
    cochez.club
    thelastvictor.net
    janieleconte.com
    ivoirepneus.com
    saludflv.info
    mydreamtv.net
    austinphy.com
    cajunseafoodstcloud.com

Targets

    • Target: 41a25be792e86680b7a9487f0d31e154
    • Size: 242KB


    Score: 10/10
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
