General

  • Target: 041eaef6df8d4af62ab1878c56017341
  • Size: 294KB
  • Sample: 231229-z11btsbdep
  • MD5: 041eaef6df8d4af62ab1878c56017341
  • SHA1: b210fdf3b9f4f0c14dba7e8ef37590aae847f034
  • SHA256: 3372e8d057ffff2279f0f1ce2da85d973c3892cd96d8a3fc7d8d6e51f9e6d4b2
  • SHA512: a16487aa38f6bc6a2d65063372b50058e4bdb9b8d46201909052111c1f4a979d4dfc67f054a8c32d46475d813ac22b3fccdda600dd8c401a276792a68748d6f6
  • SSDEEP: 6144:QoCCqYPiZZXJoat7/vu6G3iXE0wJEdsvytIDPVX:XqXZXJn7/v5GiE0cEdsacJ

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: smd0

Decoy

Targets

    • Target: VSL_MV HARMONY.exe
    • Size: 228KB
    • MD5: 9a946c41ee6fe3c70bf0075e5082a8d1
    • SHA1: 843e067511458f238a9fc1e5cfc35c5539d1ae87
    • SHA256: 813f8d8c97adcb2b57b170bef87008e4fcfa904b5cc6df0486b5be1885abfbee
    • SHA512: f7e664b059ab3f42fe6630987eae4e4b24cc291f6eebf0dc27e992ade23caaaddd6437769af4a1b2c5c1821f0623e9336d5c269302ba1adb0255ca51bbddb976
    • SSDEEP: 3072:s9UDX43CvFzVRNQ4/UutqrQAKJgMXmIY7tRy2oSxuNn+Q24QEdTvSexNgPeEIuTe:suDoufQKnmjzoxhOKiPp/q+GgTuV

    Score: 10/10

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Deletes itself
    • Suspicious use of SetThreadContext
