General

  • Target

    027cab97658a200ad23ccfda1fd16775

  • Size

    689KB

  • Sample

    231229-yrrsnagdcl

  • MD5

    027cab97658a200ad23ccfda1fd16775

  • SHA1

    800da8e187684b05e759f9b4bc16fe479d8a8c69

  • SHA256

    8c0e95028944337b1e8a9e8dcc4ba141b535a4ee7dde151ca464238976039337

  • SHA512

    61fdc4f3564e036a46559a880a81f249bc9972e0a783b193d39bbae7720fe1e9a55432ecf10059388f576b9699819f9ae51f6844c653d7bd404ee08884c9ed02

  • SSDEEP

    12288:XBZExtz617gNm5YnXDdWj646hqyS3N3dCjli9ZKhefDiH/attLf1nAiw7X:XBZExtzlDdWjt6BSNdkqZKhCeH/ajfhS

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

d8ak

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks