General

  • Target

    43e561dd8ced346ce367c652a6f12d42

  • Size

    521KB

  • Sample

    231225-3pjrgshbhq

  • MD5

    43e561dd8ced346ce367c652a6f12d42

  • SHA1

    ec00240b3a9e0f0f170f881e3a08f8e2047b01cc

  • SHA256

    1fe205203f6b581a9ee02d694acc281c51567675570649fd17fc0195c2217b31

  • SHA512

    1aa32ffeea65a1634586204d163dc22f3e7cfad772aef9c96a1577ddc0e94ec0fa969c1f8b560915b1131dcb001a59feea7485d731f0180404c90e87f70aa67c

  • SSDEEP

    6144:xS7g3ycANDrAlWV0YYuqvbscb4xOxg/3gzyixH4uJ9RNY4MA7fk3wuCnHfXrHky7:M7gh23WuwbFbgA+3g7HcAbwAfrYgUS

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

zsch

Decoy

obluedottvwd.com

lilythelotus.com

youngmeow.com

qrepto.com

kenziepatterson.com

scottmeredithrealty.com

neualchemydigital.com

meiyate-commerce.com

principlecoffeeandtea.com

houstonhemorrhoidcenter.com

mdmedalerts.com

siassociation.com

brightlumenshop.com

myduplicator2.com

joinsmiler.com

hilleye24.com

colleenbeller.com

lmfaoevents.com

clairerodgersyoga.co.uk

ramsysacademy.com
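
The decoy list above is what makes the extracted Xloader config useful for detection: the family hides its real C2 among dozens of benign-looking domains and contacts many of them, so one lookup of any single decoy is a weak indicator, while one host resolving several of them within a short window is a strong one. The following Python is an added example, not part of the sandbox report: it parses a report excerpt in the page's own layout into the family/version/campaign/decoy fields, then runs that "several decoys in one window" rule over constructed DNS log lines. The excerpt reuses only four of the page's decoy domains, the log format (`timestamp client qname`), the 5-minute window and the threshold of three distinct decoys are all assumptions chosen for illustration.

```python
"""Turn an extracted Xloader config into a DNS-log detection.

Added example, not code from the sandbox report. The report excerpt and
the DNS log below are constructed; the window and threshold are assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Report excerpt in the page's own layout (constructed from the page's values,
# trimmed to four of the listed decoy domains).
REPORT = """Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

zsch

Decoy

obluedottvwd.com

lilythelotus.com

youngmeow.com

qrepto.com

Targets
"""

# Constructed DNS query log: "<ISO timestamp> <client ip> <queried name>".
DNS_LOG = """2023-12-25T10:00:01 10.0.0.5 lilythelotus.com
2023-12-25T10:00:03 10.0.0.5 qrepto.com
2023-12-25T10:00:04 10.0.0.5 youngmeow.com
2023-12-25T10:00:05 10.0.0.7 lilythelotus.com
2023-12-25T10:05:00 10.0.0.9 obluedottvwd.com
2023-12-25T11:30:00 10.0.0.9 qrepto.com
2023-12-25T11:30:02 10.0.0.9 youngmeow.com
"""

CONFIG_KEYS = ("family", "version", "campaign", "decoy")


def parse_config(text):
    """Parse the 'Malware Config' block into a dict.

    Headings (Family, Version, Campaign, Decoy) are one per line with blank
    lines between; Decoy is followed by one domain per line until the next
    section ('Targets'). Returns {'family', 'version', 'campaign', 'decoy': [...]}.
    """
    cfg = {"decoy": []}
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        low = line.lower()
        if low in CONFIG_KEYS:
            key = low
            continue
        if low in ("malware config", "extracted"):
            continue
        if low == "targets":  # next section of the report; config ends here
            break
        if key == "decoy":
            cfg["decoy"].append(low.rstrip("."))
        elif key:
            cfg[key] = line
            key = None
    return cfg


def find_infected_hosts(log_text, decoys, window=timedelta(minutes=5), min_hits=3):
    """Return {client: {decoy, ...}} for clients that queried at least
    `min_hits` distinct decoy domains inside any `window`-long span.

    Hits spread far apart in time (e.g. 10.0.0.9 below) are not flagged,
    because decoy domains are typically legitimate sites that a clean
    host may visit occasionally.
    """
    decoy_set = set(decoys)
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than fail the whole run
        ts, client, qname = parts
        qname = qname.lower().rstrip(".")
        if qname in decoy_set:
            events[client].append((datetime.fromisoformat(ts), qname))

    flagged = {}
    for client, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            names = {q for t, q in evs[i:] if t - t0 <= window}
            if len(names) >= min_hits:
                flagged[client] = names
                break
    return flagged


if __name__ == "__main__":
    cfg = parse_config(REPORT)
    print(cfg["family"], cfg["version"], cfg["campaign"], len(cfg["decoy"]), "decoys")
    for client, names in find_infected_hosts(DNS_LOG, cfg["decoy"]).items():
        print("likely infected:", client, sorted(names))
```

In the constructed log only 10.0.0.5 is flagged: it resolved three distinct decoys within four seconds. 10.0.0.7 touched a single decoy and 10.0.0.9 touched three but spread over more than an hour, so neither crosses the threshold. The real C2 sits somewhere in the same list, so a hit on this rule warrants pulling the host's full outbound traffic, not just blocking the matched domains.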

Targets

    • Target

      43e561dd8ced346ce367c652a6f12d42

    • Detect ZGRat V1

    • Xloader

      Xloader is a rebranded version of the Formbook information stealer.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread. Malware commonly calls it to point a suspended thread at injected code (process hollowing), which is why the sandbox flags it.
