General

  • Target

    0c90a502cf1d5e66b289b82a22fc1693

  • Size

    1.3MB

  • Sample

    231225-hjrjxshbc8

  • MD5

    0c90a502cf1d5e66b289b82a22fc1693

  • SHA1

    b7309e98f9d8b58442a77e1619e4524efd7f6a35

  • SHA256

    12d89c6e8e3ef2ec6ae4fda7dce291a2418a51daa9eba44a583ced847c9e4e42

  • SHA512

    fdb013cb09ca14093e5a2f177f91ed1349d47f4c17f7f610818fcf583c00ac518ed55eb655ed460b157024c150b23cdc8406d3795253a5ec7096adc339a2b6b3

  • SSDEEP

    24576:RZKjksXks2y8j19UAWU6rXVoHHsxZmJYis4xBZMN6Z7nsG/d60wZ:RZKaPUjU6rXVosx8J24xgN6Z7n8

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uecu

Decoy

ishtarhotel.com

woodstrends.icu

jalenowens.com

manno.expert

ssg1asia.com

telepathylaw.com

quickoprintnv.com

abrosnm3.com

lumberjackcatering.com

beachujamaica.com

thomasjeffersonbyrd.com

starryfinds.com

shelavish2.com

royalglamempirellc.com

deixandomeuemprego.com

alexgoestech.xyz

opticamn.com

fermanchevybrandon.com

milbodegas.info

adunarsrl.com

Targets

    • Target

      0c90a502cf1d5e66b289b82a22fc1693

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext
