General

  • Target: 38b44fbb9958ced799d14364807288c1
  • Size: 254KB
  • Sample: 231225-ydrkqscegm
  • MD5: 38b44fbb9958ced799d14364807288c1
  • SHA1: 9251bce24a30a21d0945758233fb4dc26a5469c0
  • SHA256: dd822ee43ae3b7a8dd5e8239c26f8902eb5d6b3d199d52bddd738e2ed6555fc5
  • SHA512: 466349942ba545ecc97cddead0560bac2907e4c0089e338113cee97d180fc71d0a71ba4d0a1dcba048967c9950694974b39e2ca55d1dea1ec861321c8a5ddefa
  • SSDEEP: 6144:Md53TvpHeIl0basbqL1y7Bl4JwvO13c2nlU4F0uYIU1S1OeT:Md53TvpHeIl0baYFywvOhjFxYIvO4

Score: 10/10

Malware Config (Extracted)

  • Family: xloader
  • Version: 2.3
  • Campaign: u8aa

Decoy

Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
