General

  • Target

    06e3ffb676ec9153a5f6a89bfe26f4a4

  • Size

    301KB

  • Sample

    231229-3e8ymaheb3

  • MD5

    06e3ffb676ec9153a5f6a89bfe26f4a4

  • SHA1

    ced9d20011612e4e34b92edab10f402187c2c9dc

  • SHA256

    1736c3f3d740011ba6f6d8f18def38d20f0bcbf88c3f69821db18578bc00590a

  • SHA512

    9445f11f8b438bbcace0eb2e85a91147fb6c3db09067f955da9b0f65d1b68e0d226fb9ddd49b1994bf279567c958b503734b93b1267c49fb1a2db2f7a7188567

  • SSDEEP

    6144:SRDulwWaxlBKjXr5qQ6pR22un16WV/G3G3C:SR6gCj9f6pUZ/G1

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qb4a

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks