General

  • Target

    051e986de390fe146b27a297ffae86a3

  • Size

    791KB

  • Sample

    231229-1y6lhaddh5

  • MD5

    051e986de390fe146b27a297ffae86a3

  • SHA1

    92ac3e2c2e908db1a0800080ff575ab524c703d8

  • SHA256

    d95754d5ca3e8ef0462c99b4f10388a39cfb92b4885a2f0fc0839dc75c869c61

  • SHA512

    abfd04b2194aa929e89fffe50cbd552bccacd8754f8ff5d4f511b89ef0a30c0694cd2a41f1a75c2f83092bdb368e121f2f132d822f7bd335c9b7979673e1d8b9

  • SSDEEP

    12288:sRjfqAqZzoR65AXwgFvuSSHI8+YPPDrdGh3vSFFkpF2it00W5yEv3wCd:7oR6qgT33636F8v0Rfvw

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gno4

Decoy

callsecuritymusic.com

quikngo.com

gardenofbabyclothes.com

bailbondinculvercity.com

nqyaurlz.icu

sultanulhind.com

toddy-bodies.com

kom-hunter.com

theradibio.com

pageonefourplay.info

wildlifetools.com

nobleegoist.com

girlsjerkoff.com

theenlows.com

jyqcxl.com

southernbluebee.com

betfootballthaigold.com

remaxaffinityplus.net

teamlunsford.com

howtoberealonline.com

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks