General

  • Target

    038b05b19de1750a1534ac441c61e449

  • Size

    672KB

  • Sample

    231229-zj9h6saee8

  • MD5

    038b05b19de1750a1534ac441c61e449

  • SHA1

    c0d34674a25779540285ecdf3e9c494e4b843f55

  • SHA256

    697d1748c4a1262faaff519324b00d708f40cb660ff36316fd822dcac798f179

  • SHA512

    2e9b82def9144d8ceff0c0b8d1f1c60b4324d9595576ec857ce7b1a8ce8d7b0bfa07b6139bf03813e15996bd4abbb8b910ccf2405fd61b3339c8eddc5ea25ac1

  • SSDEEP

    12288:fXe9PPlowWX0t6mOQwg1Qd15CcYk0We1AYva+BVB+V0tabID:mhloDX0XOf49BqVIIID
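Before analysing a sample that arrives with this report, it is worth confirming that the file on disk is the one the report describes (the target name here is simply the MD5). The following script is an added example, not part of the original report: it computes the four digests listed above in a single pass and returns every one that disagrees with the report's values. `REPORT_HASHES` is copied from the General section; the `abc` vectors in the test are the standard published test vectors for these algorithms.

```python
import hashlib
import sys

# Digest values copied from the report's General section.
REPORT_HASHES = {
    "md5": "038b05b19de1750a1534ac441c61e449",
    "sha1": "c0d34674a25779540285ecdf3e9c494e4b843f55",
    "sha256": "697d1748c4a1262faaff519324b00d708f40cb660ff36316fd822dcac798f179",
    "sha512": "2e9b82def9144d8ceff0c0b8d1f1c60b4324d9595576ec857ce7b1a8ce8d7b0b"
              "fa07b6139bf03813e15996bd4abbb8b910ccf2405fd61b3339c8eddc5ea25ac1",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _new_hashers() -> dict:
    return {alg: hashlib.new(alg) for alg in ALGORITHMS}


def digest_bytes(data: bytes) -> dict:
    """Compute every digest the report lists for an in-memory sample."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests, but streamed so large samples do not have to fit in memory."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def mismatches(actual: dict, expected: dict) -> dict:
    """Return {algorithm: (actual, expected)} for each digest that disagrees.

    An empty dict means the file is the one the report describes; any entry
    means you are looking at a different file (or a corrupted copy).
    """
    return {
        alg: (actual[alg], exp.lower())
        for alg, exp in expected.items()
        if actual[alg] != exp.lower()
    }


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    bad = mismatches(digest_file(sys.argv[1]), REPORT_HASHES)
    print("sample matches report" if not bad else f"MISMATCH: {bad}")
```

Comparing all four digests rather than only the MD5 costs nothing and removes any doubt about which file was run through the sandbox.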

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p3q8

Decoy

joyjoystore.com

dhznscklxe.com

sibal-taxi.com

idealtecoman.com

bridesword.xyz

poppyca.com

asoftplaceofrest.com

sainathadvertising.com

jankariinhindi.com

gfreshdelivery.com

kimbilgi.com

xzwykj.com

6huamo.com

amorabsoluto2020.com

buyhypoclean.com

rabatt-dealer.info

rapidtestor.com

envio2.xyz

greatroomsdesign.com

hgdental.net
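The extracted configuration is the actionable part of this report, and the domain list needs one caveat before it is used: Formbook and Xloader configs carry a list of domains in which the live C2 is mixed with decoys that the bot also contacts, which is why the report labels every entry "Decoy". The script below is an added example, not part of the report or of any sandbox tooling: it parses the config block in the layout shown above into a structure, validates each entry as a hostname, and emits one Suricata DNS-query rule per domain. `CONFIG_TEXT` is a constructed copy of the block above, the `sid` range is an arbitrary assumption, and the rules are meant for hunting rather than blocking, since some decoys are legitimate sites.

```python
import re

# Constructed copy of the report's extracted-config block, same keys and values.
CONFIG_TEXT = """
Family
xloader
Version
2.3
Campaign
p3q8
Decoy
joyjoystore.com
dhznscklxe.com
sibal-taxi.com
idealtecoman.com
bridesword.xyz
poppyca.com
asoftplaceofrest.com
sainathadvertising.com
jankariinhindi.com
gfreshdelivery.com
kimbilgi.com
xzwykj.com
6huamo.com
amorabsoluto2020.com
buyhypoclean.com
rabatt-dealer.info
rapidtestor.com
envio2.xyz
greatroomsdesign.com
hgdental.net
"""

KEYS = {"Family", "Version", "Campaign", "Decoy"}

# Hostname check: dot-separated labels of letters, digits and inner hyphens,
# at most 63 characters each and 253 in total, with an alphabetic TLD.
DOMAIN_RE = re.compile(r"(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def parse_config(text: str) -> dict:
    """Parse the report's key / value layout; values follow their key line."""
    cfg = {"family": None, "version": None, "campaign": None, "decoy": []}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # the extracted page has blank lines between entries
            continue
        if line in KEYS:
            key = line.lower()
            continue
        if key is None:
            raise ValueError(f"value {line!r} appears before any key")
        if key == "decoy":
            dom = line.lower()
            if not DOMAIN_RE.fullmatch(dom):
                raise ValueError(f"not a hostname: {line!r}")
            cfg["decoy"].append(dom)
        else:
            cfg[key] = line
    return cfg


def suricata_dns_rules(cfg: dict, sid_base: int = 9000000) -> list:
    """One alert per config domain on the DNS query name (Suricata dns.query buffer).

    sid_base is an assumed local rule range; pick one that does not collide
    with your rulesets.  Sorting gives stable sids across re-runs.
    """
    rules = []
    for i, dom in enumerate(sorted(set(cfg["decoy"]))):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"{cfg["family"]} {cfg["version"]} '
            f'campaign {cfg["campaign"]} config domain {dom}"; dns.query; content:"{dom}"; '
            f'nocase; endswith; classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    print("\n".join(suricata_dns_rules(parse_config(CONFIG_TEXT))))
```

A host that resolves several of these names in quick succession is a much stronger signal than a single hit, because a bot will cycle through the list while an ordinary user will touch at most one of the legitimate decoys.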

Targets

    • Xloader

      Xloader is a rebranded version of the Formbook infostealer.

    • Xloader payload

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
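The two static signatures above rest on simple file-format facts: a stock UPX build names its sections UPX0/UPX1 and writes the string "UPX!" into its packer header, and a compiled AutoIt3 script carries the marker "AU3!EA06" ahead of the embedded script. The following script is an added example, not the sandbox's signature code: it walks the PE section table with the standard library only, checks for both markers, and builds its own minimal PE byte strings as constructed test input. The sample itself is not included, so nothing here is a claim about its exact layout.

```python
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"           # written by UPX into its packer info header
AUTOIT_MAGIC = b"AU3!EA06"    # marks a compiled AutoIt3 script


def pe_section_names(data: bytes) -> list:
    """Return the section names from the PE section table, or raise on a non-PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + 40 * i                              # section headers are 40 bytes
        raw = data[off:off + 8]                           # Name is the first 8 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def scan(data: bytes) -> list:
    """Apply the two signatures; returns the names the report uses for them."""
    hits = []
    names = pe_section_names(data)
    # A modified UPX usually renames the sections and patches "UPX!", so either
    # check can miss; high section entropy is the more robust follow-up.
    if UPX_SECTION_NAMES & set(names) or UPX_MAGIC in data:
        hits.append("UPX packed file")
    if AUTOIT_MAGIC in data:
        hits.append("AutoIT Executable")
    return hits


def build_minimal_pe(section_names, tail: bytes = b"") -> bytes:
    """Constructed test input: the smallest byte string pe_section_names accepts.

    DOS header with e_lfanew at 0x40, a PE signature, a COFF header with a
    zero-length optional header, then one 40-byte section header per name.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table + tail


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(scan(fh.read()) or "no static signature hit")
```

Both checks are cheap triage hints rather than proof: a renamed-section UPX build defeats the name test, and a file can embed the AutoIt marker without ever executing the script, so treat a hit as a reason to unpack and decompile, not as a verdict.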
