General

  • Target

    5abd9fe8bb834ac57bb8b5296014ed4e

  • Size

    1.3MB

  • Sample

    231226-hl7nxsghdn

  • MD5

    5abd9fe8bb834ac57bb8b5296014ed4e

  • SHA1

    bc63598fdbf5bb4823b7cab877682b65210b0fae

  • SHA256

    9bfb5e742521793befd4822ebf2424afa25103981f1acfaabdbb134870a0c4b9

  • SHA512

    3d2980558b721c1c952dd104e6d62a1299cd3f1793c5b13dc32161e24e485feb3f996f7d2964f63e2feb770ae181705d5e5db9e8a4c962b6d9f7fd2f71921087

  • SSDEEP

    24576:2lf6W5oaXpcB7mVSaccPuvcd5OGQT/1/0nS+7n4SYwqK4zf3RTsAHWAgqChJ+hu:OliecnZKqKHtRYXNQuiNB/eE6J

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    dzqd

  • Decoy

    weekendsday.com
    kansasfriedchiken.com
    bestselfdrive.com
    timeleveragechallenge.com
    theunboxiblenation.net
    adriaeurope-group.com
    acrylicphotobloc.com
    theincentivized.com
    histreetbutler.com
    kumamkt.com
    cutepuppyspot.store
    crisp-ui.com
    easyecotour.com
    longshotloungeenglewood.com
    esotericclothingco.com
    henglai58.com
    handmadecircles.com
    k9itsrk940aeq6.xyz
    service-it-net.com
    rt-p-c-14h9-1elk-jpzs.com

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks