General

  • Target: 05c2f58892baa673e6dce1721b2ba4c7
  • Size: 676KB
  • Sample: 231229-2hsv5sehhl
  • MD5: 05c2f58892baa673e6dce1721b2ba4c7
  • SHA1: 6dc750666d98c463229074c3e52ca2a65fc6ab4b
  • SHA256: e188030a6e62811cb9b70788732d04e339e1396c2d546362fa2b47ac572c9fc6
  • SHA512: ac2a9de3d69531b0c5ad15fba8ad9c029d1e3bfa5a32da6bd23200822daef23c0bbb6f87d1939b3a54236156965385ab9f29979eacc4a7e42ccd5c5ac77b16ca
  • SSDEEP: 12288:Ii3XY/Lu5XtnzM2Z9PINmx/2X3JQIOOwYMxz12YnoI5r2BEnyOW91DnLqZeYCtSo:IPzu5dnF9Pymg5NMxNoI0

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: gm9w
  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks