General

  • Target

    059b1244ac9fda54de086692db4b5a08

  • Size

    358KB

  • Sample

    231229-2dq6radhbn

  • MD5

    059b1244ac9fda54de086692db4b5a08

  • SHA1

    6e5f6326bd9da7e5d9c70b3e4491d308eb7f842b

  • SHA256

    abb29be2c1eccd851bdb99b126e822a8cf0f57be95e9b71a921aa703b2c285be

  • SHA512

    513dabdcc13cd81b8be8cf9076862c5f0418d267ed7f6d9e1b7f008aa2f5cb7928ad8fc8a41b69a872d516f771098bd1d83eca86b9dd61b49332527d43e8427f

  • SSDEEP

    6144:GCeJWu3gGB7g1TaqXp/bTLwlLGX7lQtbzRuYqCRxPi4f+99:uWcgGCTaqXhKLGEvRrnm99

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ehp9

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
