General

  • Target: b541f6972e9401c1d339ee834624964f
  • Size: 306KB
  • Sample: 231227-tdkpzahfar
  • MD5: b541f6972e9401c1d339ee834624964f
  • SHA1: e3fa558950572781b9e5c0cf90ab2f33bfe1f6ba
  • SHA256: f538cb4adcbb1a2e38c8dfc39eeac67fdfa5d2a4c5481b694a56d5419de0d13b
  • SHA512: 07c4d392c63599db9e0a6c54d8dd524d8a81b545e8d653a77b31d6854f269e36ce5c1f02506fabbab10062abed953bebbbdc938f1028d9353d9215b16433c4cd
  • SSDEEP: 6144:AkPdLOh96y/zSH3oPRXKfdCOypaQwSrivjLvHWqTs8:AkdCh9Fi3UJKMfDwKivHWqw8

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: n1gb
  • Decoy:
      eggrollkinglittleton.com
      apexprepcenter.com
      therockwellpenthouse.com
      buywellcoffee.com
      ttbdigitalsolutions.com
      ev3adam.com
      ngdnwgtsf.club
      innercirclegames.net
      armyofaffirmationsbyardys4u.com
      ownitofficial.com
      ksbigdata.com
      kayleightaylorphotography.com
      darziwale.com
      besthomespeakers.com
      geeksservices88.xyz
      bnmyy.com
      lovemyhealthycandy.com
      cowriecom.com
      123movie.review
      checkeraccount.store

Targets

    • Target: USD 9 938 04.exe
    • Size: 253KB
    • MD5: d6f5d8daa9c4f1eb811f917cb36e3ae8
    • SHA1: 376fe067529472be82e9ad8021723c324c9147b2
    • SHA256: 1e84489998e9058c4f93028b83f2f4cc1655548ef6160cb42c469b9714de6271
    • SHA512: aefd7b64944efad0bf5e01c87ec057df88a9826b54b097e9aa79e923e6b136aef8f439f9ac5f697465f806a04678690103cc6ab5cfc0a6fd6d731b1c60d5be6b
    • SSDEEP: 6144:hd53TvpHeIl0CAIJVlFMhoP1RGoS5u9goIO+tdANvSRq4KfMn7etE9it:hd53TvpHeIl0CAIR9675QgodqdANfU7g

    Score: 10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload
    • Deletes itself
    • Suspicious use of SetThreadContext
