General

  • Target: 059d92b876948ff3102b8c78e26621d0
  • Size: 929KB
  • Sample: 231229-2d6w7sdhgr
  • MD5: 059d92b876948ff3102b8c78e26621d0
  • SHA1: e6bece6beffcd17c46750905bf89687de514af0e
  • SHA256: 55dc099e790b76a62f56ef105ca53205ea69d9f4027a93554b03d573f112d643
  • SHA512: 07fca22a8a65ad3108f6406d1a80b7f1b6467939fee349b80cd2bdde97c77475dcd826715687896f7b1e7310c597919ef8bc5a9ceb550cab57c78e9b0b544314
  • SSDEEP: 12288:UYcsGI/cSU+zdTGN/u+I7tTduj0E/VE1/SvmzgLcYz+V77ntOURyawjAJEp2EObk:UcnzdyhmtT879E1aHcE+tDRajr

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: kmb0
  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
