General

  • Target: 558155cf432e0f149f74c1f6aa0ba2cc
  • Size: 415KB
  • Sample: 231226-ffdsjsfhgq
  • MD5: 558155cf432e0f149f74c1f6aa0ba2cc
  • SHA1: fd4102fc9f4314d58933ae44384e013d24c40946
  • SHA256: b7c6525d0876c715656a7f3506d99c03569547c86d478cac497c2a018f695149
  • SHA512: aab6111f1b009469f2ce86b2f4c0c04ed31f607e60dd6a2c0287338f7a50e139fd3b5cba7c885eb99bf5e0d56193327c7b79bf0b01bbdaf9afbc61f29abfb81e
  • SSDEEP: 6144:Jd53TvpHeIl0e1IBPl4ar12aTDV6BLxfFpQG2lmM:Jd53TvpHeIl0e1I8arwp3Ajld

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: hdco
  • Decoy:


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks