General

  • Target

    02ced7a2ac43974d22cac7d5abb9ccb6

  • Size

    644KB

  • Sample

    231229-y2jj2aaefj

  • MD5

    02ced7a2ac43974d22cac7d5abb9ccb6

  • SHA1

    e4e7f22e65cb4b17dde3998049d3d0a7245b2bb3

  • SHA256

    62df68b2db0b080a2e963f0c082b5df7b15819032e11fbe5e9dfcfb8d143f61e

  • SHA512

    9b18e0e9579f8cd4618729d69a8977510c9003badf9847fba584843fe05a20315d3fdc007b77cfd661805bb9c5a9881f54769cfca4b9a8f9a5b8ccbef893849d

  • SSDEEP

    12288:U/aNxB7iS/d348fzplYfjv030ZWR8mLZyY8Xnptkju6YJyqxZzrhhDZI0H:UWxgS/d3xzplajvQ0ZWuCyY8XvmqxZz/

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

iuem

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext
