General

  • Target

    0e2f9d545ac87b4e9762ca50e2bf15ab

  • Size

    1.3MB

  • Sample

    231225-h43gxsccb2

  • MD5

    0e2f9d545ac87b4e9762ca50e2bf15ab

  • SHA1

    f4678bb9036c097dfe4bff4794de64eb39c369c4

  • SHA256

    fabf4628b3813230d81f4c1a4991a0fe21550362177dd7b451e80c6a839b6814

  • SHA512

    86cca0ab67312068c408aee261b372c933b71dc85d51df9e11e9eb5c398e1b0353d0f897e6ba8f72048783485421075805c25c64e767d49d00f26f99ad79c07c

  • SSDEEP

    24576:a3yBmCmTOUd+L6k7XW7k5JBaEg3GIdjKCylHkGpE/pvbou8Aaj:a3mmCm6Ud+z7X/PaEboKCuNevbo

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    q4kr

  • Decoy

    realmodapk.com
    hanoharuka.com
    shivalikspiritualproducts.com
    womenshealthclinincagra.com
    racketpark.com
    startuporig.com
    azkachinas.com
    klanblog.com
    linuxradio.tools
    siteoficial-liquida.com
    glsbuyer.com
    bestdeez.com
    teens2cash.com
    valleyviewconstruct.com
    myfortniteskins.com
    cambecare.com
    csec2011.com
    idookap.com
    warmwallsrecords.com
    smartmirror.one

Targets

    • Target

      0e2f9d545ac87b4e9762ca50e2bf15ab

    • Size

      1.3MB

    • MD5

      0e2f9d545ac87b4e9762ca50e2bf15ab

    • SHA1

      f4678bb9036c097dfe4bff4794de64eb39c369c4

    • SHA256

      fabf4628b3813230d81f4c1a4991a0fe21550362177dd7b451e80c6a839b6814

    • SHA512

      86cca0ab67312068c408aee261b372c933b71dc85d51df9e11e9eb5c398e1b0353d0f897e6ba8f72048783485421075805c25c64e767d49d00f26f99ad79c07c

    • SSDEEP

      24576:a3yBmCmTOUd+L6k7XW7k5JBaEg3GIdjKCylHkGpE/pvbou8Aaj:a3mmCm6Ud+z7X/PaEboKCuNevbo

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks