General

  • Target

    05c762883c078bda88a53ed791045196

  • Size

    612KB

  • Sample

    231229-2h4yeahhf5

  • MD5

    05c762883c078bda88a53ed791045196

  • SHA1

    98f81e190efeddbd12c969210fa1256f6995835d

  • SHA256

    dcec78b74887fa7c94c0d1a451a3d3cb33efe58070f4b7d2e78d043cac3c83b1

  • SHA512

    04e4dcdece56a38c990d8d4f6865367e7549c5802b42282b36fa0b025ea91058889c72ae4923b341267993d3e0878b0d9ea0b03301054630670240836966743e

  • SSDEEP

    12288:tsAbA3XfDEahtQKPdMonpmyJgiNY4lA4OPW4u4hK/R1qFR2E9UZ5UfiJaJwRcoBZ:tsA8LjhtpJQy3pA4O+4m

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

66op

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks