General

  • Target: 01e8a73c9fa00df46f55b6e3984a683b
  • Size: 841KB
  • Sample: 231229-yaxmkscchp
  • MD5: 01e8a73c9fa00df46f55b6e3984a683b
  • SHA1: 552d32c1a0a1990e48d27a934ecad1174ad9f283
  • SHA256: 934fce499916c43cb7fa6b0198b18195700a5d6fadc6a716574f8eea92c8a545
  • SHA512: 926e85f991cd7c01905252694231159be4076afcd3b32d3123916a46234dba142af9259dc8d8c461ac061587b5cc4707e3c58e5efa887cfdb061133429ac63dc
  • SSDEEP: 12288:2KNoR65AXwgFvuSSEsjiKk7UTxjuADoP+OkOtwyFdEL4sZkvn7iGU:loR6qgu3P7kOtwz42s

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: gno4

Decoy

  • Xloader: Xloader is a rebranded version of Formbook malware.
  • Xloader payload
  • Suspicious use of SetThreadContext
