General

  • Target: 023ba631fbbb8e83ea5708c0111878bd
  • Size: 737KB
  • Sample: 231229-yjr4fsefbn
  • MD5: 023ba631fbbb8e83ea5708c0111878bd
  • SHA1: 8bd5af6c31d22850ac23e5ae25a6c42242de621d
  • SHA256: 842bbd8cf641e4fc48ddd749cd539ae90660432d9f6b5530dddfaf9bff80acd8
  • SHA512: cc581e371d6b0868bb745ff47a7c68c953ccc89759a795a405181fda62e2300ac9371ecf5890bdadbd126438b541cd3634cb4fc0b5587ee2d2f14f6996cf0d55
  • SSDEEP: 6144:qwa0m/tnCZ4SZGD/Ck0f+Zro5760fTdAGDDmsqcirPV1lsFbWZoGm:qOj41N0fqre75djMcWPHqtGm

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: ars4
  • Decoy domains (the legitimate-looking hosts mixed in with the real C2 in the config):
      hostelenot.com
      jetsetazre.com
      bargomobilityxyz.xyz
      the3witches.com
      thebirdsongagency.com
      028jindanzi.com
      cormacknnl.com
      keithshugart.com
      soyholistica.net
      xmasmobivrbuy.com
      thetithinglife.com
      alternativemetalsupply.com
      onnotin.net
      azadifoundation.com
      rustycrutches.com
      seamarck.com
      blvcktricity.com
      xn--80aaxuhtg.network
      meatcointernational.com
      indorebodybilaspur.com

Targets

    • Target: 023ba631fbbb8e83ea5708c0111878bd (same file as under General: 737KB, identical MD5/SHA1/SHA256/SHA512/SSDEEP, score 10/10)
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks