General

  • Target

    019f94493f60d6cb145b4ce0af61a04c

  • Size

    951KB

  • Sample

    231229-x4l79sadhj

  • MD5

    019f94493f60d6cb145b4ce0af61a04c

  • SHA1

    3964f346a9b46b1a00f58d942824624feecb4e21

  • SHA256

    b1c0d03ce438a2d22a8b2d3b9133d14cd81d0dc5470df02e174bed586898f8ab

  • SHA512

    5a8331d593ddb86ef102a1fa0ce439a50725e943983c56976eae2c6d76d966e9a2ec3391ecfeb27fd7e08e604a5ff6838a21a83a67b47fe18c0bbf133b8e4f25

  • SSDEEP

    12288:VxRwxKxO6F84DtPASSVdYiO5GpS4u6C5oWpf0y3k0Vb/AElj8iDxLBYR1p2Z3+XV:GMOqrGSuDfCACUeQ+mgg

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n6ce

Decoy

globalyzr.com

lasvegascasino.host

homerepairsupplies.com

feshlifefarmproduce.com

speaking123.com

menghai-cn.com

findfantasyfootballleagues.com

starbet365.com

isabellelodo.com

1031investmentsgroup.com

hmwxxs.com

littlehomeimprovements.com

visagebeautystudiollc.com

gessunt.com

nomadguitarist.com

ktcollegeconsulting.com

clientstudio.net

deciempro.com

puraniwheels.com

mattwatt.xyz
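
The extracted configuration above is most useful when turned into hunting logic. The following is an added example, not part of the sandbox report and not the sandbox's own code: it copies the report's hashes and decoy list into a small matcher that checks file hashes and scans DNS resolver log lines for queries touching the configured domains. The DNS log format (timestamp, client, query type, name) and the log lines themselves are constructed for the example. One caveat a practitioner should keep in mind: in Formbook-lineage configs the real C2 sits in the same list as decoy domains that the malware also contacts, and decoys are often legitimate or parked sites, so a single resolution of one of these names is a hunting lead rather than a block decision; one host touching several of them is the stronger signal.

```python
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "019f94493f60d6cb145b4ce0af61a04c",
    "sha1": "3964f346a9b46b1a00f58d942824624feecb4e21",
    "sha256": "b1c0d03ce438a2d22a8b2d3b9133d14cd81d0dc5470df02e174bed586898f8ab",
}
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.3",
    "campaign": "n6ce",
    "decoy": [
        "globalyzr.com", "lasvegascasino.host", "homerepairsupplies.com",
        "feshlifefarmproduce.com", "speaking123.com", "menghai-cn.com",
        "findfantasyfootballleagues.com", "starbet365.com", "isabellelodo.com",
        "1031investmentsgroup.com", "hmwxxs.com", "littlehomeimprovements.com",
        "visagebeautystudiollc.com", "gessunt.com", "nomadguitarist.com",
        "ktcollegeconsulting.com", "clientstudio.net", "deciempro.com",
        "puraniwheels.com", "mattwatt.xyz",
    ],
}


def normalize_domain(name: str) -> str:
    """Lower-case and strip the trailing dot that resolver logs often carry."""
    return name.strip().rstrip(".").lower()


DECOY_SET = {normalize_domain(d) for d in XLOADER_CONFIG["decoy"]}


def matching_decoy(qname: str):
    """Return the configured domain that qname equals or is a subdomain of, else None."""
    labels = normalize_domain(qname).split(".")
    for i in range(len(labels) - 1):          # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in DECOY_SET:
            return candidate
    return None


# Assumed log layout: "<timestamp> <client-ip> <qtype> <qname>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)$")


def scan_dns_log(lines):
    """Return (timestamp, client, qname, matched_domain) for each query that touches
    a domain from the extracted config. Lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        matched = matching_decoy(m["qname"])
        if matched:
            hits.append((m["ts"], m["client"], normalize_domain(m["qname"]), matched))
    return hits


def hunt_summary(lines):
    """Group matched domains per client so multi-domain hosts stand out."""
    per_client = {}
    for _ts, client, _qname, domain in scan_dns_log(lines):
        per_client.setdefault(client, set()).add(domain)
    return per_client


def hashes_of(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, matching the algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def is_known_sample(observed: dict) -> bool:
    """True if any supplied hash (any case) equals the report's value for that algorithm."""
    return any(SAMPLE_HASHES.get(alg) == value.lower() for alg, value in observed.items())


# Constructed resolver log lines for the example; not real traffic.
SAMPLE_DNS_LOG = [
    "2023-12-29T10:15:02Z 10.0.0.5 A www.globalyzr.com.",
    "2023-12-29T10:15:03Z 10.0.0.5 A hmwxxs.com",
    "2023-12-29T10:15:04Z 10.0.0.7 A notglobalyzr.com",
    "2023-12-29T10:15:05Z 10.0.0.9 AAAA starbet365.com.",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for client, domains in sorted(hunt_summary(SAMPLE_DNS_LOG).items()):
        print(client, sorted(domains))
```

The SSDEEP value from the report is deliberately left out of the hash check: comparing fuzzy hashes needs a dedicated library rather than hashlib, and an SSDEEP similarity score is a triage hint, not an identity match.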

Targets

    • Target

      019f94493f60d6cb145b4ce0af61a04c

    • Contains code to disable Windows Defender

      A .NET executable that disables Windows Defender capabilities such as real-time monitoring and block-at-first-sight.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext lets a process redirect a suspended thread, typically in another process, to attacker-controlled code; it is how process hollowing and similar injection techniques transfer execution into an injected payload.
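
The "Contains code to disable Windows Defender" signature above names behaviour rather than a concrete mechanism. The following is an added example, not part of the report and not derived from this sample's code: detection logic that classifies Windows event records against the Defender settings a .NET dropper would have to flip to turn off real-time monitoring and block-at-first-sight. It looks at PowerShell script-block events (4104) for Set-MpPreference/Add-MpPreference switches, Sysmon registry-value events (13) on the Windows Defender policy keys, and Defender Operational events 5001 (real-time protection disabled) and 5007 (configuration changed). Which of these primitives the sample actually uses is not stated in the report and is assumed here; the event records and their text layout are constructed for the example.

```python
import re

# Defender settings that tampering code commonly sets to 1. The report only
# says "realtime monitoring, block at first sight, etc.", so this list is an
# assumption of the example, not a statement about the sample.
TAMPER_SETTINGS = {
    "DisableRealtimeMonitoring": "real-time monitoring",
    "DisableBlockAtFirstSeen": "block at first sight",
    "DisableIOAVProtection": "scanning of downloaded files and attachments",
    "DisableBehaviorMonitoring": "behaviour monitoring",
}

# Set-/Add-MpPreference call up to the end of the statement.
MP_PREF_RE = re.compile(r"(?:Set|Add)-MpPreference\b(?P<args>[^\r\n;|]*)", re.IGNORECASE)
# Constructed Sysmon 13 layout: "TargetObject: <key>\<value>; Details: DWORD (0x00000001)".
SYSMON_REG_RE = re.compile(
    r"TargetObject:\s*(?P<path>[^;]*Windows Defender\\[^;]*\\(?P<value>Disable\w+));"
    r"\s*Details:\s*DWORD \(0x0*1\)", re.IGNORECASE)
# Constructed 5007 layout: "... New value: <key>\<value> = 0x1".
EVT5007_RE = re.compile(r"New value:[^\r\n]*\\(?P<value>Disable\w+)\s*=\s*0x1", re.IGNORECASE)


def flags_from_powershell(script: str) -> set:
    """Return the tampering switches that a Set-/Add-MpPreference call sets to $true/1."""
    found = set()
    for m in MP_PREF_RE.finditer(script):
        for setting in TAMPER_SETTINGS:
            if re.search(rf"-{setting}\s+\$?(?:true|1)\b", m["args"], re.IGNORECASE):
                found.add(setting)
    return found


def classify(event: dict):
    """Return (rule, detail) if the event indicates Defender tampering, else None."""
    ch, eid, data = event["channel"], event["event_id"], event.get("data", "")
    if ch == "Microsoft-Windows-Windows Defender/Operational":
        if eid == 5001:
            return ("defender_rtp_disabled", "event 5001: real-time protection turned off")
        if eid == 5007:
            m = EVT5007_RE.search(data)
            if m and m["value"] in TAMPER_SETTINGS:
                return ("defender_config_changed",
                        f"{m['value']} set to 1 ({TAMPER_SETTINGS[m['value']]})")
    elif ch == "Microsoft-Windows-PowerShell/Operational" and eid == 4104:
        flags = flags_from_powershell(data)
        if flags:
            return ("mppreference_tamper", "MpPreference switched off: " + ", ".join(sorted(flags)))
    elif ch == "Microsoft-Windows-Sysmon/Operational" and eid == 13:
        m = SYSMON_REG_RE.search(data)
        if m and m["value"] in TAMPER_SETTINGS:
            return ("defender_registry_tamper", f"{m['value']} written as DWORD 1 at {m['path']}")
    return None


def scan_events(events):
    """Run classify() over a batch and keep (record, rule, detail) for every hit."""
    return [(e["record"], *hit) for e in events if (hit := classify(e))]


# Constructed event records for the example; not logs from this sample.
SAMPLE_EVENTS = [
    {"record": 1, "channel": "Microsoft-Windows-PowerShell/Operational", "event_id": 4104,
     "data": "Set-MpPreference -DisableRealtimeMonitoring $true -DisableBlockAtFirstSeen $true"},
    {"record": 2, "channel": "Microsoft-Windows-Sysmon/Operational", "event_id": 13,
     "data": "TargetObject: HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
             "\\DisableRealtimeMonitoring; Details: DWORD (0x00000001)"},
    {"record": 3, "channel": "Microsoft-Windows-Windows Defender/Operational", "event_id": 5001,
     "data": ""},
    {"record": 4, "channel": "Microsoft-Windows-Windows Defender/Operational", "event_id": 5007,
     "data": "Old value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection"
             "\\DisableRealtimeMonitoring = 0x0 New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender"
             "\\Real-Time Protection\\DisableRealtimeMonitoring = 0x1"},
    # Benign: reading the preference and resetting the value to 0 must not alert.
    {"record": 5, "channel": "Microsoft-Windows-PowerShell/Operational", "event_id": 4104,
     "data": "Get-MpPreference | Select-Object DisableRealtimeMonitoring"},
    {"record": 6, "channel": "Microsoft-Windows-Sysmon/Operational", "event_id": 13,
     "data": "TargetObject: HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
             "\\DisableRealtimeMonitoring; Details: DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for record, rule, detail in scan_events(SAMPLE_EVENTS):
        print(record, rule, detail)
```

Event 5001 is the one signal here that does not depend on how the setting was changed, which matters because a tool that writes the policy registry value directly never produces a 4104 script block; the other rules add attribution (which process or script did it) once that first alert fires.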

MITRE ATT&CK Matrix

Tasks