General

  • Target

    05a49f5f7a607b0d3bc40d6388c16ba1

  • Size

    2.2MB

  • Sample

    231229-2e1ftaebdr

  • MD5

    05a49f5f7a607b0d3bc40d6388c16ba1

  • SHA1

    f3500ac3052799fd6f148661821433752e85b88d

  • SHA256

    25c4bfa172cf7cf54c8c359ac9de186584adc6b5d3acd0d48bfe169002f19799

  • SHA512

    25b6416360d351388dcb646fcb4c79c8d8d7aa34a5db108a4d0879a063df93b42351ebc08010d5f2d96bde19cf495389c780cce1a334861aab0445735c8c1a16

  • SSDEEP

    24576:sWxtj4a1Zh5BtpahOpDTXfuUAgLMXmglNHMVlTUdKFNgjBwPBOHxWxtj4a1Zh5BA:xzut5XB27gszut5XB27gD

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

tyns

Decoy

jayetincture.com

goicuoc-4gviettelthang.club

amcsetory.com

hljjh.com

saifedesign.com

dkdimensions.com

pestcontroladviser.com

elferingewort.com

aduhelmsupport.com

around30-healthlife.com

sahintasimacilik.com

marshpillowhere.com

revenuexll.com

itsbcbasupervision.com

gregorysfencingandmore.com

ardatekniklpg.com

lamiajoias.com

baofengsm.com

astanusa.com

shinglobal1201.com
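The twenty domains listed under "Decoy" come straight from the extracted Xloader configuration. As with Formbook, the configuration carries one real C2 hidden among decoys, and the decoys are usually legitimate third-party sites, so this list is better used as a hunting pivot than as a firewall blocklist. The following added example (not part of the sandbox report) takes the list as given and runs a label-boundary match over DNS query logs. The log lines and their `key=value` format are constructed for the example and are not output of this analysis.

```python
import re

# Domains exactly as listed under "Decoy" in the extracted config above.
CONFIG_DOMAINS = [
    "jayetincture.com", "goicuoc-4gviettelthang.club", "amcsetory.com",
    "hljjh.com", "saifedesign.com", "dkdimensions.com", "pestcontroladviser.com",
    "elferingewort.com", "aduhelmsupport.com", "around30-healthlife.com",
    "sahintasimacilik.com", "marshpillowhere.com", "revenuexll.com",
    "itsbcbasupervision.com", "gregorysfencingandmore.com", "ardatekniklpg.com",
    "lamiajoias.com", "baofengsm.com", "astanusa.com", "shinglobal1201.com",
]

# Constructed sample DNS client log (hypothetical format, not from the sandbox run).
SAMPLE_LOG = """\
2023-12-29T14:02:11Z host=WS-0142 proc=Factura F-40821.exe query=www.jayetincture.com. type=A
2023-12-29T14:02:12Z host=WS-0142 proc=Factura F-40821.exe query=HLJJH.com type=A
2023-12-29T14:02:13Z host=WS-0142 proc=chrome.exe query=www.google.com type=A
2023-12-29T14:02:14Z host=WS-0142 proc=svchost.exe query=notjayetincture.com type=A
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>.+?) "
    r"query=(?P<query>\S+) type=(?P<qtype>\S+)$"
)


def normalize(name):
    """Lowercase and drop the trailing dot so 'HLJJH.com.' equals 'hljjh.com'."""
    return name.strip().rstrip(".").lower()


def match_domain(query, domains=CONFIG_DOMAINS):
    """Return the config domain that query equals or is a subdomain of, else None.

    Matching on label boundaries means 'notjayetincture.com' does not match
    'jayetincture.com', which a plain substring check would get wrong.
    """
    q = normalize(query)
    for d in domains:
        d = normalize(d)
        if q == d or q.endswith("." + d):
            return d
    return None


def scan(log_text, domains=CONFIG_DOMAINS):
    """Return one hit dict per log line whose query matches a config domain."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently match
        matched = match_domain(m.group("query"), domains)
        if matched:
            hits.append({
                "ts": m.group("ts"), "host": m.group("host"),
                "proc": m.group("proc"), "query": m.group("query"),
                "matched": matched,
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['host']} {hit['proc']!r} -> {hit['query']} "
              f"(config domain {hit['matched']})")
```

Because the decoys are real sites, a match from a browser is expected noise; the useful signal is the process name attached to the query, which is why the example keeps it in each hit.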

Targets

    • Target

      Factura F-40821.exe

    • Size

      1.1MB

    • MD5

      af2e64375e5e3ad35f0d5c6b773c2732

    • SHA1

      a1d28973ce86c1b6fc1d2268c41cb3d43c890f93

    • SHA256

      d4abcb7a4f3f901cc752a8969253a2ea0870547a52be79b9da905dbc8046a0e1

    • SHA512

      cc17964392e61cee40fbcd951c51333c3caf6c5cff400ad0bf4d935032d6c967fd92bd7c4ff93d89bd009566c065070b0718bd743a9f8211f58c9ff814564fbd

    • SSDEEP

      24576:Po2A4drxmOPJ7RNewMI/Bf+VCTZ7D/NJKaom:gbaPJtNeyBfNZ7pJKlm

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

    • Target

      Factura F-40821.exe

    • Size

      1.1MB

    • MD5

      af2e64375e5e3ad35f0d5c6b773c2732

    • SHA1

      a1d28973ce86c1b6fc1d2268c41cb3d43c890f93

    • SHA256

      d4abcb7a4f3f901cc752a8969253a2ea0870547a52be79b9da905dbc8046a0e1

    • SHA512

      cc17964392e61cee40fbcd951c51333c3caf6c5cff400ad0bf4d935032d6c967fd92bd7c4ff93d89bd009566c065070b0718bd743a9f8211f58c9ff814564fbd

    • SSDEEP

      24576:Po2A4drxmOPJ7RNewMI/Bf+VCTZ7D/NJKaom:gbaPJtNeyBfNZ7pJKlm

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext
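The report gives MD5, SHA1, SHA256 and SHA512 for both the 2.2MB archive and the 1.1MB dropped executable Factura F-40821.exe. The following added example (not part of the sandbox report) embeds those published values and checks a local file against them, so an analyst can confirm they are looking at the same sample before trusting the extracted configuration. Only the four standard digests are covered; the SSDEEP values need a separate fuzzy-hashing library and are left out. Input bytes used in testing are constructed, not the sample itself.

```python
import hashlib
import hmac
import sys

# Digests copied verbatim from the report above; nothing here is recomputed.
REPORTED = {
    "archive (05a49f5f...)": {
        "md5": "05a49f5f7a607b0d3bc40d6388c16ba1",
        "sha1": "f3500ac3052799fd6f148661821433752e85b88d",
        "sha256": "25c4bfa172cf7cf54c8c359ac9de186584adc6b5d3acd0d48bfe169002f19799",
        "sha512": "25b6416360d351388dcb646fcb4c79c8d8d7aa34a5db108a4d0879a063df93b4"
                  "2351ebc08010d5f2d96bde19cf495389c780cce1a334861aab0445735c8c1a16",
    },
    "Factura F-40821.exe": {
        "md5": "af2e64375e5e3ad35f0d5c6b773c2732",
        "sha1": "a1d28973ce86c1b6fc1d2268c41cb3d43c890f93",
        "sha256": "d4abcb7a4f3f901cc752a8969253a2ea0870547a52be79b9da905dbc8046a0e1",
        "sha512": "cc17964392e61cee40fbcd951c51333c3caf6c5cff400ad0bf4d935032d6c967"
                  "fd92bd7c4ff93d89bd009566c065070b0718bd743a9f8211f58c9ff814564fbd",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data):
    """Return lowercase hex digests of in-memory bytes for every listed algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through all four hashes in one pass (samples can be large)."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def verify(computed, reported):
    """Compare computed digests to reported ones, algorithm by algorithm.

    Returns {algo: True/False}, or None for an algorithm the report omits,
    so a missing value is visible instead of silently passing. Comparison is
    case-insensitive and uses hmac.compare_digest, so a prefix never counts.
    """
    result = {}
    for algo in ALGOS:
        expected = reported.get(algo)
        if expected is None:
            result[algo] = None
            continue
        result[algo] = hmac.compare_digest(computed[algo].lower(), expected.lower())
    return result


def identify(computed):
    """Return the report entry whose every listed digest matches, else None."""
    for name, reported in REPORTED.items():
        if all(v is True for v in verify(computed, reported).values()):
            return name
    return None


if __name__ == "__main__":
    for path in sys.argv[1:]:
        digests = hash_file(path)
        print(path, "->", identify(digests) or "no match", digests["sha256"])
```

Run it as `python check_sample.py <file>...`; a single mismatching algorithm means the file is not the reported sample, even if the MD5 happens to agree.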
