General

  • Target

    66c4f76952e85ae216f17f31577e50bd

  • Size

    1.2MB

  • Sample

    231226-mcxvkseaam

  • MD5

    66c4f76952e85ae216f17f31577e50bd

  • SHA1

    d88cac4cf02678e0ff31eb2d51432b4e7d3b0443

  • SHA256

    6d4f4677f25f146ff004fd2f256ed706ba53ad83923de4a183276a9c4397a5ce

  • SHA512

    abf6ef9172a86bd4af758fc061853a78d4f5618a7d12b67c141ad4aaed6d14f129970b95877dc767118b9a1f86f7c908be2dbb1c5dbf6021d667051d6de18199

  • SSDEEP

    24576:dGOsBgo0q4wM0BmCmTOUd+L6kuXWCFLrO8CHP6jDhrhF9L:dvoHMMmCm6Ud+zuXFO8+Sj1rhF

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    ons5

  • Decoy

    caches.xyz
    rabbitintheblue.com
    seniorenhandy.center
    18901088888.net
    brightspark.one
    alzheimerfacilitycenter.com
    chitrakaah.com
    kindlestouchcatering.com
    abrosnm3.com
    pubgmeventpharaoh.com
    elitexmate.club
    gracebillingsolution.com
    sani-ball.com
    computingexpress.net
    redtentmotorhomes.com
    shraderca.com
    usechiquedemais.com
    kuraberuhoken.net
    dppantherpointe.com
    blackong.com

Targets

    • Target

      66c4f76952e85ae216f17f31577e50bd

    • Size

      1.2MB

    • MD5

      66c4f76952e85ae216f17f31577e50bd

    • SHA1

      d88cac4cf02678e0ff31eb2d51432b4e7d3b0443

    • SHA256

      6d4f4677f25f146ff004fd2f256ed706ba53ad83923de4a183276a9c4397a5ce

    • SHA512

      abf6ef9172a86bd4af758fc061853a78d4f5618a7d12b67c141ad4aaed6d14f129970b95877dc767118b9a1f86f7c908be2dbb1c5dbf6021d667051d6de18199

    • SSDEEP

      24576:dGOsBgo0q4wM0BmCmTOUd+L6kuXWCFLrO8CHP6jDhrhF9L:dvoHMMmCm6Ud+zuXFO8+Sj1rhF

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks