General

  • Target: af02104b5d055208c0004ed98897a8a0
  • Size: 628KB
  • Sample: 231227-m9zensehdl
  • MD5: af02104b5d055208c0004ed98897a8a0
  • SHA1: 751fd909f007a4389770deff024627c49d78928c
  • SHA256: 61496a330e7add2b8cbefd01c57ea47770335a9a8cf648053be4039f4b0be6fb
  • SHA512: 57ec7c0e74a45419d4c14fc7cb358324f82756c40026c09f0d23a27a73d69de0fd5e8b349bd6f6d0a431e2b29f558d0a39872a08915e96c6b16174abb33bc65a
  • SSDEEP: 12288:YBoT7Sgxyoy5u0MpQhBw68/iaAjzQ1eYk+0EChbV8wn27mo5oFCEkv:wyJQous6BA7mo5oFCEkv

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: t53x
  • Decoy:


Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • CustAttr .NET packer: Detects CustAttr .NET packer in memory.
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks