General

  • Target

    102eebfbf8c958a0852a5b70ae7ce684

  • Size

    561KB

  • Sample

    231225-jqedlsgbf9

  • MD5

    102eebfbf8c958a0852a5b70ae7ce684

  • SHA1

    68c2c924b815b2761df445b91031e96892caf30d

  • SHA256

    398b264c8593979cba3e2f9339af9e2909c114f8975c8cb0abc7c9b844b79541

  • SHA512

    f8e86eaff443fefb3203cf4c90af338d9f045cd9b98e37c988b4952643af07e929117740bb236b4a0521ac0c43e214ae27db88e54c493dbef99f567113cab5f8

  • SSDEEP

    12288:F8h24qZ7Ypp7IbgTiVJm47XCWyRulOEfeO+vz98yU6xUNiP6+w5:e24u7pyiXgRymO+vZP6+

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    ehp9

  • Decoy

    kebao100.com
    telco360.com
    gilleyaviation.com
    thedangleman.com
    kmpetersonphoto.com
    bykjsz.com
    comparaca.com
    wlalumsforantiracism.com
    razerzonr.com
    856380062.xyz
    cubesoftwaresolution.com
    atokastore.com
    joinlashedbyjamie.com
    azcorra.com
    lilys-galaxy.com
    wheretheresaytheresaway.com
    avantix-colts.com
    pornsitehub.com
    jagoviral.com
    loansforgiven.com

Targets

    • Target

      102eebfbf8c958a0852a5b70ae7ce684

    • Size

      561KB

    • MD5

      102eebfbf8c958a0852a5b70ae7ce684

    • SHA1

      68c2c924b815b2761df445b91031e96892caf30d

    • SHA256

      398b264c8593979cba3e2f9339af9e2909c114f8975c8cb0abc7c9b844b79541

    • SHA512

      f8e86eaff443fefb3203cf4c90af338d9f045cd9b98e37c988b4952643af07e929117740bb236b4a0521ac0c43e214ae27db88e54c493dbef99f567113cab5f8

    • SSDEEP

      12288:F8h24qZ7Ypp7IbgTiVJm47XCWyRulOEfeO+vz98yU6xUNiP6+w5:e24u7pyiXgRymO+vZP6+

    • Detect ZGRat V1

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks