General

  • Target

    1dce0fc0bcc3ed4f7af74bdaeef37a5f

  • Size

    1.2MB

  • Sample

    231230-1vnaragegp

  • MD5

    1dce0fc0bcc3ed4f7af74bdaeef37a5f

  • SHA1

    44db74becdf78474e7b4418cd24274b88410c02f

  • SHA256

    e8bb9e81ed75437b45f90b1c65e3100c618090d66d7fa37f5208fedc6972f142

  • SHA512

    55770eaac58703a98bb05f8da7b7357cd09b747de3dbb89f41fae380d6fa50ad5302398c8b8fffa18257b234e5f3e7a7a315bd0470f379720d34fd8b1e317f46

  • SSDEEP

    24576:cxOsBgo0q4wMMBmCmTOUd+L6kLXWGmHUdR6B8w5+lx/2:cIoHMUmCm6Ud+zLXbmHVB8Bx+

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wten

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext
