General

  • Target: 20da0cd7af94c17e5d0f62dd8e71152e
  • Size: 251KB
  • Sample: 231225-qfth4sgefj
  • MD5: 20da0cd7af94c17e5d0f62dd8e71152e
  • SHA1: 088b8dd5efa917b333e32755887534fbc23b96d0
  • SHA256: 16cb5d00387369fa2bb69b16f39a62cd4dc4557324ac4202f466be7f6bec27d8
  • SHA512: 10a3b10912aeffbf98a598348ba848d5754204e86d28913cac813a5de8b512f52014893793a9c25b79b57b01e0b5ff95817d4631ac4c84fba02cc3235b672840
  • SSDEEP: 6144:sd53TvpHeIl09otSSAIAB15IIRWeVApXasSegXWm5wAUqrqcbX2e:sd53TvpHeIl09oYSTAB0IgSApqsdgGmh

Score
10/10

Malware Config

Extracted

Family: xloader

Version: 2.3

Campaign: fznn

Decoy

petmarketsolutions.com

themummymarketplace.com

themidnightcollectivepdx.com

detoxshake.site

ross76.com

tom-tours2020.com

domoservis.com

allcombuildingsvc.com

padelshop.online

wosaying.com

heafg.com

inglesbrasileiro.com

santaclausonline.net

voiceofmagic.com

lafayettelc.com

communal-sleeve.net

extremecouponing.online

mypomate.com

rtdrillbit.com

therealtortaylor.com

Targets

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks