General

  • Target

    33ec3cc0c0d38101d40af9180c53f7c9

  • Size

    758KB

  • Sample

    231225-wxlgqabden

  • MD5

    33ec3cc0c0d38101d40af9180c53f7c9

  • SHA1

    5be6d174bc87624620fe59bbc80353b74805ce72

  • SHA256

    8a3f3e271bd0d6091efa65101329f9bc896fb9e7f8689010fde4b9c9e48de94c

  • SHA512

    272be7f9578b62823a960e04251b37dff0863afdb61933320965683e4108b85c39e0cb7227f6eadd6732abbb4ef7acf477ec95ece4bd36fb8fee8ba9c64060f4

  • SSDEEP

    12288:3i8BwqmexRU7s3jfttHaY0ezE/WWRmj5qDuQd4P:3i8LmexRNXHpz

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n86i

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks