General

  • Target

    4e05c01fc9dcf68548c55e81728501b4

  • Size

    336KB

  • Sample

    231226-dc2dbsbdhr

  • MD5

    4e05c01fc9dcf68548c55e81728501b4

  • SHA1

    d7cb68868ecbc1d386823be8f3c11ce53724cb8d

  • SHA256

    8d167481e6f45383f10a657039cfa2bfaa4a29ccf4be55615a1fc57241e26c2d

  • SHA512

    afa52666fb6eca90c5ab02389f8495e25d4dbd55864745f22e9439c1d1f2fbdfdc0252fdc5c31e72caa99103bfc3afcf435450c3d64258145b1ab3d971f485e7

  • SSDEEP

    6144:c29wiaEfBcDqh3SB/igBKjB9/42u/wISrIRMK+5SS3bL:c5XEfOZ/5KjG4TLQSH

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ftgq

Decoy

naturalbeautyapparel.com

abtotalsolution.com

periclescapitalmanagement.com

pleasejustdont.com

ryanscode.com

carsandscooters.com

best-polarized-sunglasses.com

hoodshawaii.com

titaefred.com

tomrings.com

swededenoting.host

birthdaytease.com

xaydzn.com

scutganxun.com

gdzhongle.com

alossol.com

shivamshield.com

fashionnailsjohnston.com

jobuelas.com

arvopaert.com

Targets

    • Target

      4e05c01fc9dcf68548c55e81728501b4

    • Size

      336KB

    • MD5

      4e05c01fc9dcf68548c55e81728501b4

    • SHA1

      d7cb68868ecbc1d386823be8f3c11ce53724cb8d

    • SHA256

      8d167481e6f45383f10a657039cfa2bfaa4a29ccf4be55615a1fc57241e26c2d

    • SHA512

      afa52666fb6eca90c5ab02389f8495e25d4dbd55864745f22e9439c1d1f2fbdfdc0252fdc5c31e72caa99103bfc3afcf435450c3d64258145b1ab3d971f485e7

    • SSDEEP

      6144:c29wiaEfBcDqh3SB/igBKjB9/42u/wISrIRMK+5SS3bL:c5XEfOZ/5KjG4TLQSH

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
