General

  • Target

    b065fd2f4a275b4b09e831261cb118ba

  • Size

    465KB

  • Sample

    231227-patq9aheaq

  • MD5

    b065fd2f4a275b4b09e831261cb118ba

  • SHA1

    fa6aa739bd9a427f2b465ae3c37ba2c5c81a89bb

  • SHA256

    7f6c173fe8dfdbe249e43ff5855d82f9ae9c86a1d47a6515eae08f3c5afadc78

  • SHA512

    d578491e5912ed8853707d06c6746fa72e3b865b63e7988e99b83c2c6134ed3e07a05107e54c3f2857d8b60effce7469776c6bde4a26dd613c1efbf18b761bf2

  • SSDEEP

    12288:VbgQ+Z8sULFcz3bqfINgTfE6aD7VWumhw471M4g:VboZkcz32fINgTf05WLw477g

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m6b5

Decoy

ixtarbelize.com

pheamal.com

daiyncc.com

staydoubted.com

laagerlitigation.club

sukrantastansakarya.com

esupport.ltd

vetscontracting.net

themuslimlife.coach

salmanairs.com

somatictherapyservices.com

lastminuteminister.com

comunicarbuenosaires.com

kazuya.tech

insightlyservicedev.com

redevelopment38subhashnagar.com

thefutureinvestor.com

simplysu.com

lagu45.com

livingstonpistolpermit.com

Targets

    • Target

      Instruction copy.exe

    • Size

      960KB

    • MD5

      f91a66d080744b9e8b946984d6d747c4

    • SHA1

      886580b7e7d7f27135d2c9981770a2a59332e680

    • SHA256

      c6a1a1a68b5faac43930deeab9cd6745bde62869786e21e0681b3dc0973afa80

    • SHA512

      b559c9048de556c45f77e26d4c2f1c7785348b76ae4d5f9957e202a5c9d01e7c68a1a3958aeede45ff427ad741b01fcd15497e67898acfc5176f9ac9aa1e2238

    • SSDEEP

      12288:p1baMm92lXt74Hu+sYq46e++BJETV7MSDPlGRZz/mnk4zQIL7cQGB3gVIZlH3pmB:pBLN4rpaJye9mjs2M

    • Detect ZGRat V1

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext
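
    The hashes and extracted config domains above are directly usable as hunting indicators. The script below is an added example, not part of the sandbox report: it loads those values and runs them over constructed DNS-query and file-creation log lines (the log format, hostnames and paths are made up for illustration). One caveat the "Decoy" label already hints at: a Formbook/Xloader config carries a single live C2 among many decoys, and the decoys are frequently legitimate sites, so a domain hit is a lead to pivot on (which host, what URI pattern, which process) rather than grounds for blocking the domain outright.

```python
"""Match the IOCs from this Xloader 2.3 report against constructed log lines.

Added example, not part of the sandbox report. Hashes and domains are copied
from the report; the log lines, hostnames and paths below are constructed.
"""
import re

# SHA256 of the dropper ("Instruction copy.exe") and the extracted payload.
KNOWN_SHA256 = {
    "c6a1a1a68b5faac43930deeab9cd6745bde62869786e21e0681b3dc0973afa80": "Instruction copy.exe",
    "7f6c173fe8dfdbe249e43ff5855d82f9ae9c86a1d47a6515eae08f3c5afadc78": "xloader 2.3 payload",
}

# Domains from the extracted config. Formbook/Xloader hides one live C2 among
# decoys, several of which are usually legitimate sites: treat a hit as a
# hunting lead to pivot on, not as a block-list entry.
CONFIG_DOMAINS = frozenset({
    "ixtarbelize.com", "pheamal.com", "daiyncc.com", "staydoubted.com",
    "laagerlitigation.club", "sukrantastansakarya.com", "esupport.ltd",
    "vetscontracting.net", "themuslimlife.coach", "salmanairs.com",
    "somatictherapyservices.com", "lastminuteminister.com",
    "comunicarbuenosaires.com", "kazuya.tech", "insightlyservicedev.com",
    "redevelopment38subhashnagar.com", "thefutureinvestor.com",
    "simplysu.com", "lagu45.com", "livingstonpistolpermit.com",
})

# Field extractors for the constructed key=value log format.
HOST_RE = re.compile(r"host=(?P<host>\S+)")
QNAME_RE = re.compile(r"qname=(?P<qname>\S+)")
SHA256_RE = re.compile(r"sha256=(?P<sha256>[0-9a-fA-F]{64})")


def match_domain(qname):
    """Return the config domain that qname equals or is a subdomain of, else None.

    Normalises case and a trailing dot, and requires a label boundary so that
    e.g. 'notkazuya.tech' does not match 'kazuya.tech'.
    """
    name = qname.lower().rstrip(".")
    for dom in CONFIG_DOMAINS:
        if name == dom or name.endswith("." + dom):
            return dom
    return None


def _host(line):
    m = HOST_RE.search(line)
    return m.group("host") if m else "?"


def scan_dns(lines):
    """Return (host, raw qname, matched config domain) for each DNS line that hits."""
    hits = []
    for line in lines:
        m = QNAME_RE.search(line)
        if not m:
            continue
        dom = match_domain(m.group("qname"))
        if dom:
            hits.append((_host(line), m.group("qname"), dom))
    return hits


def scan_hashes(lines):
    """Return (host, sha256, label) for each file line whose hash is in the report."""
    hits = []
    for line in lines:
        m = SHA256_RE.search(line)
        if not m:
            continue
        digest = m.group("sha256").lower()  # EDR products often log upper-case hex
        if digest in KNOWN_SHA256:
            hits.append((_host(line), digest, KNOWN_SHA256[digest]))
    return hits


# Constructed sample logs (not real telemetry).
SAMPLE_DNS_LOG = [
    "2023-12-27T09:14:01Z host=WS-0142 dns query qname=www.pheamal.com. rcode=NOERROR",
    "2023-12-27T09:14:03Z host=WS-0142 dns query qname=kazuya.tech rcode=NOERROR",
    "2023-12-27T09:14:05Z host=WS-0142 dns query qname=notkazuya.tech rcode=NXDOMAIN",
    "2023-12-27T09:15:00Z host=WS-0077 dns query qname=login.microsoftonline.com rcode=NOERROR",
]
SAMPLE_FILE_LOG = [
    "2023-12-27T09:13:58Z host=WS-0142 file create path=C:\\Users\\Public\\Downloads\\Instruction copy.exe"
    " sha256=C6A1A1A68B5FAAC43930DEEAB9CD6745BDE62869786E21E0681B3DC0973AFA80",
    "2023-12-27T09:13:59Z host=WS-0077 file create path=C:\\Windows\\Temp\\setup.exe sha256=" + "0" * 64,
]

if __name__ == "__main__":
    for host, qname, dom in scan_dns(SAMPLE_DNS_LOG):
        print(f"DNS lead: {host} resolved {qname} (config domain {dom}); pivot before blocking")
    for host, digest, label in scan_hashes(SAMPLE_FILE_LOG):
        print(f"Hash match: {host} wrote {label} ({digest})")
```

The hash matches are high confidence and can feed containment directly; the DNS matches should first be correlated with the process that issued the query and the HTTP pattern it used, since the config list deliberately mixes the live C2 with benign decoys.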

MITRE ATT&CK Enterprise v15

Tasks