General

  • Target

    a9a1cce400d6f4463f497abedb127b7b

  • Size

    422KB

  • Sample

    231227-jsas7sdfcp

  • MD5

    a9a1cce400d6f4463f497abedb127b7b

  • SHA1

    3ec9e3c590b5a9b83e22e951fb94471be0fc2a63

  • SHA256

    9d15e1914adb8635702072168d8d6bbee2d13d4427f0e87b9be4c2905c58ce2a

  • SHA512

    de5d5e19fd4fcbf5facc8394841e4a3a1d23386cfaec1387ea6e38c807c179a5b64c6f495aa426b436099a13b659931a6d670090aa259e9b91d43e12e5834c2e

  • SSDEEP

    12288:kJLT30zXq8/CvFVrrw+/1Ig1UCJYKuj3u:kBThOC9VvrUCJYKwu

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    hdco

  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks