General

  • Target

    52787dbd8e044adbcb1a4510fb3cc733

  • Size

    1.5MB

  • Sample

    231226-ekw91sahhj

  • MD5

    52787dbd8e044adbcb1a4510fb3cc733

  • SHA1

    c640950e171c8a8bd2e0cf15622b8d19473d4618

  • SHA256

    3f3c2d584a904ed976a130b022c037cbc477f620149436971ffe78c1e42e706d

  • SHA512

    f26db1a8d86145192812840cb19c10f24e1950b31d39775c88e2059b478d67b76d341cd42cd5a966b083febe65d65cc1bd908c74fe68e5ad9205274ee55bcce3

  • SSDEEP

    24576:aSMNOW5oaXpcB7mVSaccPuvcd5OGQT/1/0nS+7n4SYwqK4zf3RTsAHWAgqChJ+h9:FAZiecO/k0sOD5BvNxeNQuiNB/e

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    ev6c

  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
