General

  • Target

    1d58add500cd72bb0d9537c42ad3b073

  • Size

    1.6MB

  • Sample

    231230-1j2n1adhhj

  • MD5

    1d58add500cd72bb0d9537c42ad3b073

  • SHA1

    31dd1976b460787047a704610759641d1c7f17d0

  • SHA256

    c2f77aaf305ed67feccf0a292e85a872c3d30499aae0311286e55c491f2bd074

  • SHA512

    f747229d193ece966f518fa4e46162225b67b1f3fc73ee1ca0064f0a36eaed035d9320325a7fb5d1c3930e0cfe3e62e1757f96a6010b052665497ec6f657cc47

  • SSDEEP

    24576:iC7nW5oaXpcB7mVSaccPuvcd5OGQT/1/0nS+7n4SYwqK4zf3RTsAHWAgqChJ+huu:1Ciecvk7NWiZf0vNQuiNB/e

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

synv

Decoy (domains the sample contacts alongside its real C2 to mask it; a DNS or HTTP hit on one of these shows the sample ran, not that the domain is the C2)

hareemshareem.com

aromaticus.club

sakabay.com

ebtedaieeduone.com

goodyertirerebate.com

mehmeterdas.com

everestjsc.com

eqtclub.com

ahlcide.ovh

snifu.com

grinabrasive.info

ijustwannablog.com

eng-in-use.com

mo-ip.group

beautynblackbody.com

presto-eng.info

jarah24.com

marigoldbrewery.com

onpointcomprasbrasil.com

cdrh-consultores.com
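The domain list above is the most directly actionable part of the extracted config. The following Python block is an added example, not part of the sandbox report and not Triage's own code: it takes the config values from this page and hunts for them in DNS logs, matching on label boundaries so that an unrelated lookalike (e.g. "notsakabay.com") does not match "sakabay.com". The log format and the sample lines are constructed for the example; XLoader works through its list, so the triage step treats a host resolving several distinct config domains as stronger evidence than a single hit.

```python
"""Hunt for the domains of an extracted XLoader config in DNS logs (added example)."""
import re
from collections import defaultdict

# Values copied from the extracted config on this page.
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.3",
    "campaign": "synv",
    "decoy": [
        "hareemshareem.com", "aromaticus.club", "sakabay.com", "ebtedaieeduone.com",
        "goodyertirerebate.com", "mehmeterdas.com", "everestjsc.com", "eqtclub.com",
        "ahlcide.ovh", "snifu.com", "grinabrasive.info", "ijustwannablog.com",
        "eng-in-use.com", "mo-ip.group", "beautynblackbody.com", "presto-eng.info",
        "jarah24.com", "marigoldbrewery.com", "onpointcomprasbrasil.com",
        "cdrh-consultores.com",
    ],
}

# Constructed sample DNS log (hypothetical format: "<ts> <client> <qname> <qtype>").
SAMPLE_DNS_LOG = """\
2023-12-30T13:40:01Z 10.0.0.15 www.example.org A
2023-12-30T13:40:02Z 10.0.0.15 www.sakabay.com A
2023-12-30T13:40:02Z 10.0.0.15 everestjsc.com A
2023-12-30T13:40:03Z 10.0.0.22 mail.corp.internal A
2023-12-30T13:40:04Z 10.0.0.15 mo-ip.group. A
2023-12-30T13:40:05Z 10.0.0.31 notsakabay.com A
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")


def normalize(domain):
    """Lower-case and strip the trailing dot of a fully qualified name."""
    return domain.strip().rstrip(".").lower()


def matches_config_domain(qname, config_domains):
    """Return the config domain that qname equals or is a subdomain of, else None.
    The '.' + d check enforces a label boundary: 'notsakabay.com' does not match 'sakabay.com'."""
    q = normalize(qname)
    for d in config_domains:
        if q == d or q.endswith("." + d):
            return d
    return None


def hunt_dns(log_text, config=XLOADER_CONFIG):
    """Return {client: {config_domain: query_count}} for queries that hit the config list."""
    domains = {normalize(d) for d in config["decoy"]}
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        d = matches_config_domain(m["qname"], domains)
        if d:
            hits[m["client"]][d] += 1
    return {client: dict(counts) for client, counts in hits.items()}


def triage(hits, threshold=2):
    """Clients that resolved at least `threshold` distinct config domains.
    One decoy hit is weak evidence; several distinct ones in a short window is strong."""
    return sorted(client for client, counts in hits.items() if len(counts) >= threshold)


if __name__ == "__main__":
    found = hunt_dns(SAMPLE_DNS_LOG)
    print(found)
    print("hosts to escalate:", triage(found))
```

Feed the real DNS export through `hunt_dns` and escalate on `triage`; because the list is decoy-heavy by design, the useful signal is breadth of matches per host, not which single domain was resolved.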

Targets

    • Target

      1d58add500cd72bb0d9537c42ad3b073

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of the Formbook information stealer.

    • Xloader payload

    • Suspicious use of SetThreadContext (cross-process SetThreadContext is the step that redirects execution in a hollowed or injected process)
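The SetThreadContext signature above is a sandbox heuristic; the Python block below is an added example of how such a check is built, not Triage's own signature logic. It walks a per-process API trace in a constructed, hypothetical format ("<caller_pid> <api> <target_pid> [key=value ...]") and grades each cross-process SetThreadContext by what preceded it for the same caller/target pair: CreateProcess with CREATE_SUSPENDED plus WriteProcessMemory is the classic hollowing sequence, WriteProcessMemory alone is generic injection, and a bare cross-process call is only suspicious. Same-process SetThreadContext (debuggers, exception handling) is deliberately ignored.

```python
"""Grade cross-process SetThreadContext calls in an API trace (added example)."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit of CreateProcess*

# Constructed sample trace in a hypothetical format, not Triage's report format.
SAMPLE_TRACE = """\
4100 CreateProcessW 4212 flags=0x00000004 image=C:\\Windows\\System32\\svchost.exe
4100 WriteProcessMemory 4212 size=0x2a000
4100 SetThreadContext 4212
4100 ResumeThread 4212
4100 SetThreadContext 4100
5000 CreateProcessW 5012 flags=0x00000000
5000 ResumeThread 5012
6000 WriteProcessMemory 6100 size=0x1000
6000 SetThreadContext 6100
7000 SetThreadContext 7200
"""

LINE_RE = re.compile(r"^(?P<caller>\d+)\s+(?P<api>\w+)\s+(?P<target>\d+)(?P<rest>.*)$")


def parse_flags(rest):
    """Extract a flags=<hex|dec> value from the trailing key=value fields."""
    m = re.search(r"flags=(0x[0-9a-fA-F]+|\d+)", rest)
    return int(m.group(1), 0) if m else 0


def detect_hollowing(trace_text):
    """Return [(caller_pid, target_pid, stage)] for every cross-process SetThreadContext.

    stage is 'hollowing'  when CreateProcess(CREATE_SUSPENDED) and WriteProcessMemory
                          on the same target came first,
             'injection'  when only WriteProcessMemory on the target came first,
             'suspicious' for a bare cross-process SetThreadContext.
    """
    precursors = defaultdict(set)  # (caller, target) -> observed precursor events
    findings = []
    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        caller, api, target = int(m["caller"]), m["api"], int(m["target"])
        key = (caller, target)
        if api.startswith("CreateProcess") and parse_flags(m["rest"]) & CREATE_SUSPENDED:
            precursors[key].add("suspended_child")
        elif api == "WriteProcessMemory":
            precursors[key].add("wrote_memory")
        elif api == "SetThreadContext":
            if caller == target:
                continue  # same process: not what the signature is after
            seen = precursors[key]
            if {"suspended_child", "wrote_memory"} <= seen:
                stage = "hollowing"
            elif "wrote_memory" in seen:
                stage = "injection"
            else:
                stage = "suspicious"
            findings.append((caller, target, stage))
    return findings


if __name__ == "__main__":
    for caller, target, stage in detect_hollowing(SAMPLE_TRACE):
        print(f"pid {caller} -> pid {target}: {stage}")
```

The grading matters in practice: a bare cross-process SetThreadContext also shows up in legitimate tooling, so an alert should carry the precursor evidence (suspended child, memory write, the image the child was started from) rather than fire on the single API name.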
