General

  • Target: c71e5c2efb9574e0159289f7b1634ba4
  • Size: 634KB
  • Sample: 231228-f2bv3sfhaq
  • MD5: c71e5c2efb9574e0159289f7b1634ba4
  • SHA1: 7982aeaeda588aedd14d858ffd924769676d31c2
  • SHA256: 1a9057facef9978ff272da6ac0e4018aa27dacb0c878d03b84cb9d3bc1d89b9b
  • SHA512: c19d368ad11663f4b8e492a81cbea1149ec73567441032f1ae0e4b451936fe1808efe150d10cce1353d73650de0ac57f918f622321aba5bee7abd34897a8b408
  • SSDEEP: 12288:kRpPleIs7iS/d348pF96Ufe9S/yhQ/9Rt4jAObhAeuX0dI6m/gR:kVeIvS/d3rmU5KhQlQAObhAqdI6YC

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: ons5
  • Decoy domains:
    caches.xyz
    rabbitintheblue.com
    seniorenhandy.center
    18901088888.net
    brightspark.one
    alzheimerfacilitycenter.com
    chitrakaah.com
    kindlestouchcatering.com
    abrosnm3.com
    pubgmeventpharaoh.com
    elitexmate.club
    gracebillingsolution.com
    sani-ball.com
    computingexpress.net
    redtentmotorhomes.com
    shraderca.com
    usechiquedemais.com
    kuraberuhoken.net
    dppantherpointe.com
    blackong.com

Targets

    • Target: c71e5c2efb9574e0159289f7b1634ba4 (634KB, score 10/10; MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values in the General section above)

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • CustAttr .NET packer: Detects CustAttr .NET packer in memory.
    • Xloader payload
    • Suspicious use of SetThreadContext
