General

  • Target: 1dab8f52c7fee845091432bfb497841f
  • Size: 1.0MB
  • Sample: 231230-1rqayafghn
  • MD5: 1dab8f52c7fee845091432bfb497841f
  • SHA1: 9e943a94b4669421b9b6fd780a4070183d7df899
  • SHA256: 9c7dbcf10563482b7dd7f79b919469d9153cd306d0d71bc8d94ba258824750fc
  • SHA512: 5b4027f2d2deae57c800bdc14ab0b53ca6258b92074d919685fe78332b0b30b897db6c7b5aaf7591ac911814a88bd60bab74e393500d3f0fe761578a00e993c2
  • SSDEEP: 12288:spguje1yuW9wM/yRQc3js0z31PkpMYjEYKsKYm8RTcj6g2s0UBKiAeZM/dvX:ZykM/Qvzp31KMAEYKsFTsXr0UceW/dv

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: htb3

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks