General

  • Target

    05a0edfd781368d1b62b066b5aadb278

  • Size

    967KB

  • Sample

    231229-2egnpseafm

  • MD5

    05a0edfd781368d1b62b066b5aadb278

  • SHA1

    cfd9740076f345776543d874d0705571618601c0

  • SHA256

    bae8e6518524a6945339b3a0901e9ad43c03441000b239d777bf60e58eed6324

  • SHA512

    5e2152bdbac47a23cc3d6c524a3c1fd897c51a28a5c17986af8b6679570c8a7b4f38b374836464f72eda59f8bbef873c46bed51bd21b77d974b0cc1f6c8b8610

  • SSDEEP

    12288:EN+rQEDaNyW91w1P+fRyEOzM8KX8MYD7uwgGEtZ182+j4h:dr5DaNyW91wd+fRvOzpKzSywO182Vh

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

k8b5

Decoy

sardamedicals.com

reelectkendavis4council.com

coreconsultation.com

fajarazhary.com

mybitearner.com

brightpet.info

voicewithchoice.com

bailbondscompany.xyz

7133333333.com

delights.info

gawlvegdr.icu

sdqhpm.com

we2savvyok.com

primallifeathlete.com

gdsinglecell.com

isokineticmachines.com

smartneckrelax.com

gardenvintage.com

hiphopvolume.com

medicapoint.com
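The extracted config lists twenty domains, but for Formbook/XLoader only one (or a few) of them is the real command-and-control server; the rest are decoys, typically legitimate or parked sites, and the bot beacons to the whole list so that the true C2 hides in the noise. That makes every domain above a usable network indicator, with two caveats a practitioner will want: a single hit can be innocent traffic to a legitimate site, whereas one host resolving several of these unrelated domains within a short window is characteristic of the beacon loop. The following script is an added example written for this page, not code from the sandbox or from the XLoader authors; it embeds the decoy list from the config, matches DNS query names (including subdomains) against it, and flags hosts that touch more than one listed domain. The log lines are constructed for the example and the log format is an assumption.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Decoy/C2 domains exactly as listed in the extracted XLoader 2.3 (campaign k8b5) config above.
XLOADER_K8B5_DOMAINS: Set[str] = {
    "sardamedicals.com", "reelectkendavis4council.com", "coreconsultation.com",
    "fajarazhary.com", "mybitearner.com", "brightpet.info", "voicewithchoice.com",
    "bailbondscompany.xyz", "7133333333.com", "delights.info", "gawlvegdr.icu",
    "sdqhpm.com", "we2savvyok.com", "primallifeathlete.com", "gdsinglecell.com",
    "isokineticmachines.com", "smartneckrelax.com", "gardenvintage.com",
    "hiphopvolume.com", "medicapoint.com",
}

# Constructed sample DNS log (not from the report). Assumed format:
#   <timestamp> <client-host> dns query <type> <qname>
SAMPLE_DNS_LOG = """\
2023-12-31T22:10:01Z ws-0142 dns query A www.sardamedicals.com
2023-12-31T22:10:02Z ws-0142 dns query A update.microsoft.com
2023-12-31T22:10:03Z ws-0142 dns query A 7133333333.com
2023-12-31T22:10:04Z ws-0142 dns query A gawlvegdr.icu
2023-12-31T22:10:05Z ws-0177 dns query A notsardamedicals.com
"""

_LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+dns query \S+ (\S+)$")

# (timestamp, client host, queried name, config domain it matched)
Hit = Tuple[str, str, str, str]


def registrable_match(qname: str, domains: Set[str]) -> Optional[str]:
    """Return the config domain that qname equals or is a subdomain of, else None.

    Walks label suffixes so 'www.sardamedicals.com' matches 'sardamedicals.com'
    but 'notsardamedicals.com' does not (a plain substring test would match it).
    Names are lower-cased and a trailing dot (FQDN form) is stripped.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_dns_log(lines: Iterable[str],
                 domains: Set[str] = XLOADER_K8B5_DOMAINS) -> List[Hit]:
    """Return every log line whose queried name falls under a config domain."""
    hits: List[Hit] = []
    for line in lines:
        m = _LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed DNS-query shape
        ts, host, qname = m.groups()
        matched = registrable_match(qname, domains)
        if matched is not None:
            hits.append((ts, host, qname, matched))
    return hits


def hosts_beaconing(hits: Iterable[Hit], min_domains: int = 2) -> Set[str]:
    """Hosts that resolved at least min_domains distinct config domains.

    A single hit may be ordinary traffic to a legitimate decoy site; one host
    cycling through several unrelated domains from the list looks like the
    XLoader beacon loop and is worth triaging.
    """
    per_host: Dict[str, Set[str]] = defaultdict(set)
    for _ts, host, _qname, matched in hits:
        per_host[host].add(matched)
    return {h for h, d in per_host.items() if len(d) >= min_domains}


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG.splitlines())
    for ts, host, qname, matched in found:
        print(f"{ts} {host} queried {qname} (config domain: {matched})")
    print("hosts to triage:", sorted(hosts_beaconing(found)))
```

Swap `SAMPLE_DNS_LOG` for real resolver or proxy logs and adjust `_LOG_RE` to their layout; the suffix-walk in `registrable_match` is the part to keep, since naive substring matching on a list this generic produces false positives on look-alike names.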

Targets

    • Target

      05a0edfd781368d1b62b066b5aadb278

    • Size

      967KB

    • MD5

      05a0edfd781368d1b62b066b5aadb278

    • SHA1

      cfd9740076f345776543d874d0705571618601c0

    • SHA256

      bae8e6518524a6945339b3a0901e9ad43c03441000b239d777bf60e58eed6324

    • SHA512

      5e2152bdbac47a23cc3d6c524a3c1fd897c51a28a5c17986af8b6679570c8a7b4f38b374836464f72eda59f8bbef873c46bed51bd21b77d974b0cc1f6c8b8610

    • SSDEEP

      12288:EN+rQEDaNyW91w1P+fRyEOzM8KX8MYD7uwgGEtZ182+j4h:dr5DaNyW91wd+fRvOzpKzSywO182Vh

    Score
    10/10
    • Xloader

      Xloader (XLoader) is a rebranded, continued version of the Formbook information stealer.

    • Xloader payload

      The unpacked payload matched the XLoader family; its configuration (family, version, campaign and decoy domain list) is shown under Malware Config above.

    • Suspicious use of SetThreadContext

      SetThreadContext is a legitimate Win32 API (debuggers use it), but in malware it is a hallmark of process hollowing and thread hijacking: a thread in another process is suspended, its context is rewritten to point at injected code, and it is resumed. Formbook/XLoader migrate into another process this way, which is why the sandbox flags the call.
