General

  • Target

    c431fedb18ff76ae67ac19f6792bf66e

  • Size

    232KB

  • Sample

    231228-fbr5dabbaj

  • MD5

    c431fedb18ff76ae67ac19f6792bf66e

  • SHA1

    95790058b2740dff39438bf2594bd128cb0d615f

  • SHA256

    3407864368687cf310e2cc011b1446b7a2d1caf28cef7ed58d01fa71293f07bd

  • SHA512

    2ec61ba5ac43e0e64c3d91108ec8bbddda89e6e49cd893cc6560168857012501e3f3dab7dd3666a582b6eca13e94aed9be3de266e06d3a0c391ccf7f321eeca2

  • SSDEEP

    6144:s8EedTUftJu6jf4Ugf4fg62JKl8h7aCdkW7mP:jbTUFJuuA4fg62e8day+

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

q3t0

Decoy

xn--n8jh0ox33v9th.club

realestateactiongroup.com

theblackcottage.com

iptvfresh.com

firstseviceresidential.com

enhancemarketingsolutions.com

matchawali.com

lockedselfstorage.com

laurencervera.com

waffleicionados.com

ryanplumbingandmechanical.com

mahalabartlemathiassen.com

enter-flowers.com

berlinclick.com

pop.direct

dangeranimalsfounded.press

sweetwhiskerscreamery.com

acaciamultimedia.com

thejoyfulmark.com

bspceducation.com

Targets

    • Target

      c431fedb18ff76ae67ac19f6792bf66e

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks