General

  • Target

    64b8ce71634358d220c7eb599a73556d

  • Size

    337KB

  • Sample

    231226-lqq4hsacen

  • MD5

    64b8ce71634358d220c7eb599a73556d

  • SHA1

    06d0687b32181d1611d20c60078526850049e38b

  • SHA256

    ef925865b194ddd0d59233fec99f8e3608a623c3d4f7eaaf34b9af57f9bb0a82

  • SHA512

    54ed51ed7ce72d0f4045b5a7f253ee88d503196085e0497fd4ef8599254bce570161da43b6ac949a15629f1f58777971696eaea6e4dd345e6ae0f8d698f48ba4

  • SSDEEP

    6144:HzW9OawmfBcAqh3SBUjSLxRtx0RfoqZi378JHoAE3MXue5TUakec:HPlmfOUUjSlx0Rhi3WHon8JTUa9c

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

dy8g

Decoy

Domain list pulled from the extracted config. XLoader, like Formbook, carries a batch of domains of which only one is the live C2; the bot also contacts the others as decoys, and many of them are unrelated, legitimate sites. Treat the list as a low-confidence indicator for blocking and use it mainly to pivot in DNS and proxy logs.

mzyxi-rkah-y.net

okinawarongnho.com

qq66520.com

nimbus.watch

cwdelrio.com

regalshopper.com

avito-payment.life

jorgeporcayo.com

galvinsky.digital

guys-only.com

asmfruits-almacenes.com

boatrace-life04.net

cochez.club

thelastvictor.net

janieleconte.com

ivoirepneus.com

saludflv.info

mydreamtv.net

austinphy.com

cajunseafoodstcloud.com
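As an added triage helper (example code, not part of the sandbox report or the analysis platform), the script below recomputes the report's digests for a candidate file and sweeps DNS query logs for the config domains. The hash values and domain list are copied from the report above; the log line format (`<timestamp> <client> <qname> <qtype>`) and the sample log lines are constructed assumptions, and `sample.bin` is a hypothetical path.

```python
"""Triage helper: verify a candidate sample against the report hashes and
sweep DNS logs for the domains in the extracted XLoader config."""
import hashlib
import sys

# Digests copied from the sandbox report (the ones this script recomputes).
REPORT_HASHES = {
    "md5": "64b8ce71634358d220c7eb599a73556d",
    "sha1": "06d0687b32181d1611d20c60078526850049e38b",
    "sha256": "ef925865b194ddd0d59233fec99f8e3608a623c3d4f7eaaf34b9af57f9bb0a82",
}

# Domain list from the extracted config ("Decoy" section of the report).
CONFIG_DOMAINS = [
    "mzyxi-rkah-y.net", "okinawarongnho.com", "qq66520.com", "nimbus.watch",
    "cwdelrio.com", "regalshopper.com", "avito-payment.life", "jorgeporcayo.com",
    "galvinsky.digital", "guys-only.com", "asmfruits-almacenes.com",
    "boatrace-life04.net", "cochez.club", "thelastvictor.net", "janieleconte.com",
    "ivoirepneus.com", "saludflv.info", "mydreamtv.net", "austinphy.com",
    "cajunseafoodstcloud.com",
]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a byte string."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every recomputed digest equals the value in the report."""
    digests = hash_bytes(data)
    return all(digests[algo] == expected for algo, expected in REPORT_HASHES.items())


def normalize(name: str) -> str:
    """Case-fold and drop the trailing dot so 'WWW.Example.com.' matches 'example.com'."""
    return name.strip().rstrip(".").lower()


def matching_ioc(qname: str, iocs):
    """Exact or subdomain match on a label boundary; bare substring hits
    (e.g. 'notqq66520.com' against 'qq66520.com') are rejected."""
    q = normalize(qname)
    for ioc in iocs:
        d = normalize(ioc)
        if q == d or q.endswith("." + d):
            return d
    return None


def sweep_dns_log(lines, iocs=CONFIG_DOMAINS):
    """Parse assumed '<timestamp> <client> <qname> <qtype>' lines and return
    (client, qname, matched_ioc) tuples; malformed lines are skipped."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        client, qname = parts[1], parts[2]
        ioc = matching_ioc(qname, iocs)
        if ioc:
            hits.append((client, normalize(qname), ioc))
    return hits


# Constructed sample log lines (not real telemetry).
SAMPLE_DNS_LOG = [
    "2023-12-26T10:15:02Z 10.0.0.12 www.google.com A",
    "2023-12-26T10:15:03Z 10.0.0.12 qq66520.com A",
    "2023-12-26T10:15:04Z 10.0.0.12 www.regalshopper.com A",
    "2023-12-26T10:15:05Z 10.0.0.31 notqq66520.com A",
    "malformed line",
]

if __name__ == "__main__":
    # Hypothetical path to the file under investigation.
    path = sys.argv[1] if len(sys.argv) > 1 else "sample.bin"
    try:
        with open(path, "rb") as fh:
            print(f"{path} matches report hashes: {matches_report(fh.read())}")
    except OSError as exc:
        print(f"could not read {path}: {exc}")
    for client, qname, ioc in sweep_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} queried {qname} (config domain {ioc})")
```

A DNS hit on a config domain means a host ran something carrying this config, not that the domain itself is hostile; confirm the host with the file hashes or the process-injection signature before acting on the domain.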

Targets

    • Target

      64b8ce71634358d220c7eb599a73556d

    • Size

      337KB

    • MD5

      64b8ce71634358d220c7eb599a73556d

    • SHA1

      06d0687b32181d1611d20c60078526850049e38b

    • SHA256

      ef925865b194ddd0d59233fec99f8e3608a623c3d4f7eaaf34b9af57f9bb0a82

    • SHA512

      54ed51ed7ce72d0f4045b5a7f253ee88d503196085e0497fd4ef8599254bce570161da43b6ac949a15629f1f58777971696eaea6e4dd345e6ae0f8d698f48ba4

    • SSDEEP

      6144:HzW9OawmfBcAqh3SBUjSLxRtx0RfoqZi378JHoAE3MXue5TUakec:HPlmfOUUjSlx0Rhi3WHon8JTUa9c

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext redirects a suspended thread to attacker-chosen code; seen here, it is consistent with the process injection XLoader/Formbook is known for, so check the sandbox process tree for a legitimate host process whose thread context was rewritten.
