General

  • Target: 36d8b82d2f7ac47bf97b3e4a59cc2cff
  • Size: 1.2MB
  • Sample: 231225-xt4pkaaga2
  • MD5: 36d8b82d2f7ac47bf97b3e4a59cc2cff
  • SHA1: 5c2c8aa6f1752e8bf7510c117e9bd707ed7d100a
  • SHA256: 2a30701fc932253a4c5345ea1a00429c7790fe43d9762b75ea47f5b68e3a547f
  • SHA512: dc0c91e1025c1a4047e4b737a1a297dd0073e6585152467dbae9e9bf2e89c87f0f8d6524ca1fb33c484b7cce47cc5922ecfd0c9d3a92df919d478e583d8ad536
  • SSDEEP: 24576:BgS/d3GKzksbksjVHjV/17sBrn8JUlP1fsy8jhMN6QN7:AKVNZY78JIuCN6QN7

Score: 10/10

Malware Config

Extracted

Family: xloader

Version: 2.3

Campaign: um8e

Decoy:

  • theypretend.com
  • hopeschildren.com
  • kuly.cloud
  • maniflexx.net
  • bedtimesocietyblog.com
  • spenglerwetlandpreserve.com
  • unity-play.net
  • bonap56.com
  • consciencevc.com
  • deluxeluxe.com
  • officialjuliep.com
  • cttrade.club
  • quietflyt.com
  • mcabspl.com
  • lippocaritahotel.com
  • tolanfilms.xyz
  • momenaagro.com
  • slingshotart.com
  • thefoundershuddle.com
  • mobilbaris.com

Targets

    • Target: 36d8b82d2f7ac47bf97b3e4a59cc2cff
    • Size: 1.2MB
    • MD5: 36d8b82d2f7ac47bf97b3e4a59cc2cff
    • SHA1: 5c2c8aa6f1752e8bf7510c117e9bd707ed7d100a
    • SHA256: 2a30701fc932253a4c5345ea1a00429c7790fe43d9762b75ea47f5b68e3a547f
    • SHA512: dc0c91e1025c1a4047e4b737a1a297dd0073e6585152467dbae9e9bf2e89c87f0f8d6524ca1fb33c484b7cce47cc5922ecfd0c9d3a92df919d478e583d8ad536
    • SSDEEP: 24576:BgS/d3GKzksbksjVHjV/17sBrn8JUlP1fsy8jhMN6QN7:AKVNZY78JIuCN6QN7

    Score: 10/10

    Signatures:

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • CustAttr .NET packer: Detects CustAttr .NET packer in memory.
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks