General

  • Target: 02ae7f4c28fa27bb522b25762a2eacab
  • Size: 271KB
  • Sample: 231229-yyv4nacgb6
  • MD5: 02ae7f4c28fa27bb522b25762a2eacab
  • SHA1: 5b49eb9e66a71e42591e4761d17084869ca7f4b2
  • SHA256: 79e535de63f31e04e3565e35d8fcad297ff2dd8bda659a15c13ccee4a11a6e30
  • SHA512: 78e3ba30d608a1d5a6db1cd5677e62e85b940e8a6422d5bc1ca80f77825534cc97a8b7a80a26a50d72c4e62c213cda4af7673373119993a901929cb9ca35f2e7
  • SSDEEP: 6144:OK++hEjavND5MppH7SZebWtvzwYU8bu5pn8kUUXtwjlp1am09h:lMLH7fbAvzwp8bmpn8kUUdmza/

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: q6fg
  • Decoy domains (extracted from the sample's configuration):


Targets

    Score: 10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks