General

  • Target

    1cb1d17b71c0b0bbf29ae44ac7846c41

  • Size

    1.2MB

  • Sample

    231225-n66j9agehk

  • MD5

    1cb1d17b71c0b0bbf29ae44ac7846c41

  • SHA1

    13c1e5eee17ae3d7b5e859ec3240726fc8bd2100

  • SHA256

    6f42be9adbf8a5232ff93cbbd74b5616319ed32863c9b5cc9f6fb9383d618151

  • SHA512

    9e2881c31da1d4dde68a1b559a5fe5961584cf381bbc67808e51c98094633204f5fd2f5b27059beda97c6a9888fc255d416b6794b75bb44f67b671dd55076186

  • SSDEEP

    24576:gisS/d3oKzksRks2y8jVMCBGFI7wCBSGZ8N6ZNYZ:+KkuoUCRWN6ZNY

Score
10/10
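Before pivoting on anything in this report, confirm that the file on your desk is the same sample the sandbox analysed. The following is an added example (not part of the sandbox report) that checks a file against the MD5, SHA1, SHA256 and SHA512 values listed above; the helper names are my own, and the hashes are copied from the General section.

```python
import hashlib

# Hashes copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "1cb1d17b71c0b0bbf29ae44ac7846c41",
    "sha1": "13c1e5eee17ae3d7b5e859ec3240726fc8bd2100",
    "sha256": "6f42be9adbf8a5232ff93cbbd74b5616319ed32863c9b5cc9f6fb9383d618151",
    "sha512": "9e2881c31da1d4dde68a1b559a5fe5961584cf381bbc67808e51c98094633204"
              "f5fd2f5b27059beda97c6a9888fc255d416b6794b75bb44f67b671dd55076186",
}


def compute_hashes(data, algorithms=("md5", "sha1", "sha256", "sha512")):
    """Hash `data` (bytes, or an iterable of byte chunks) with every algorithm in one pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    chunks = [data] if isinstance(data, (bytes, bytearray)) else data
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(data, expected=REPORT_HASHES):
    """Return {algorithm: (expected, actual)} for each mismatch.

    An empty dict means `data` is byte-for-byte the sample this report describes.
    Comparison is case-insensitive on the expected side because reports and feeds
    disagree on hex casing.
    """
    actual = compute_hashes(data, tuple(expected))
    return {a: (expected[a], actual[a]) for a in expected if actual[a] != expected[a].lower()}


def verify_file(path, expected=REPORT_HASHES, chunk_size=1 << 20):
    """Stream a file from disk (hypothetical helper) so large droppers are not read into memory at once."""
    with open(path, "rb") as f:
        return verify_sample(iter(lambda: f.read(chunk_size), b""), expected)
```

Run `verify_file("/path/to/sample.exe")` on a copy of the dropper; any non-empty result means you are looking at a different build, and the extracted config below may not apply to it. The SSDEEP value is not checked here because fuzzy hashing needs the ssdeep library; it is useful for finding sibling builds of the same packer, not for proving identity.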

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p4se

Decoy

The config carries these hostnames alongside the real C2, and the sample beacons to a subset of them in each cycle to hide which one is the C2. A single resolution of one of these domains is therefore weak evidence on its own; several of them from one client within minutes is the pattern worth alerting on.

weightlossforprofessionals.com

talkotstopandshop.com

everesttechsolutions.com

garboarts.com

esubastas-online.com

electriclastmile.com

tomio.tech

jacoty.com

knot-tied-up.com

energychoicesim.com

rocketcompaniessham.com

madarasapattinam.com

promosplace.com

newstarchurch.com

thesaleskitchen.com

slingmodeinc.com

jobresulthub.com

pillclk.com

shipu119.com

sibalcar.com
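To turn the decoy list into a hunt, the added example below (mine, not part of the sandbox report) scans DNS log lines for resolutions of the listed domains or their subdomains and reports only clients that resolve several distinct config domains inside a short window, which is the beaconing shape described above rather than a stray visit to one of these sites. The log format, the sample lines and the client addresses are constructed for the example; the domains are copied from the Decoy list.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Decoy hosts copied from the extracted config above.
DECOY_DOMAINS = frozenset({
    "weightlossforprofessionals.com", "talkotstopandshop.com",
    "everesttechsolutions.com", "garboarts.com", "esubastas-online.com",
    "electriclastmile.com", "tomio.tech", "jacoty.com", "knot-tied-up.com",
    "energychoicesim.com", "rocketcompaniessham.com", "madarasapattinam.com",
    "promosplace.com", "newstarchurch.com", "thesaleskitchen.com",
    "slingmodeinc.com", "jobresulthub.com", "pillclk.com", "shipu119.com",
    "sibalcar.com",
})

# Constructed sample log, hypothetical format: "<ISO-8601 UTC> <client> <queried name>".
# 10.0.0.5 shows the beaconing shape (four config domains in three seconds);
# 10.0.0.9 resolves one of them once, which on its own proves nothing.
SAMPLE_DNS_LOG = """\
2023-12-25T10:00:01Z 10.0.0.5 www.tomio.tech
2023-12-25T10:00:02Z 10.0.0.5 garboarts.com
2023-12-25T10:00:02Z 10.0.0.5 www.jacoty.com
2023-12-25T10:00:03Z 10.0.0.5 pillclk.com
2023-12-25T10:00:40Z 10.0.0.9 www.newstarchurch.com
2023-12-25T10:30:00Z 10.0.0.5 sibalcar.com
2023-12-25T11:00:00Z 10.0.0.7 updates.example.org
"""


def match_decoy(qname, domains=DECOY_DOMAINS):
    """Return the config domain that `qname` equals or is a subdomain of, else None."""
    labels = qname.lower().rstrip(".").split(".")
    # Walk the suffixes so "cdn.www.tomio.tech" matches "tomio.tech" but
    # "tomio.tech.evil.com" and "notgarboarts.com" do not.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def parse_dns_log(text):
    """Yield (timestamp, client, qname) for each line of the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        stamp = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield stamp, client, qname


def find_beacon_clusters(text, window=timedelta(minutes=5), min_distinct=3):
    """Return {client: sorted config domains} for clients that resolve at least
    `min_distinct` distinct config domains within any `window`-long span."""
    hits = defaultdict(list)
    for ts, client, qname in parse_dns_log(text):
        domain = match_decoy(qname)
        if domain:
            hits[client].append((ts, domain))
    clusters = {}
    for client, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_window = {d for ts, d in events[i:] if ts - start <= window}
            if len(in_window) >= min_distinct:
                clusters[client] = sorted(in_window)
                break
    return clusters


if __name__ == "__main__":
    for client, domains in find_beacon_clusters(SAMPLE_DNS_LOG).items():
        print(client, "->", ", ".join(domains))
```

The window and the distinct-domain threshold are tuning knobs: the config lists twenty domains and the sample picks a subset per cycle, so three in five minutes catches the first beacon burst without firing on one user who happens to browse to one of these sites. Replace `parse_dns_log` with a reader for your resolver or proxy log format; the matching and windowing logic does not depend on it.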

Targets

    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer and keeps Formbook's config layout, which is why the extracted config above consists of a version, a campaign ID and a decoy domain list.

    • CustAttr .NET packer

      Detects the CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context with SetThreadContext is the step that process hollowing and thread hijacking use to redirect execution into injected code, so the unpacked payload should be looked for in memory rather than on disk.
