General

  • Target: 1e6551878ce5233e3da31af52ae22ad2
  • Size: 1.1MB
  • Sample: 231230-2b8ysabhbk
  • MD5: 1e6551878ce5233e3da31af52ae22ad2
  • SHA1: 57c99f3193543b7e5988ac3018ec517fd240c15b
  • SHA256: a73336c8fc448bd54031998ad8cbda50f452c3c8a1600623a43e07ce6476b3d5
  • SHA512: 0ee898c5725793e382c967597ba71d4361c85b49ff427e56c38f1c6ec43ab9f370b63e346a639bdc71b35f44f7dcd5ccd589135fbdc4502c0fd47b882504230d
  • SSDEEP: 12288:o3bm2vzE/RsJZSRM2wfqYAwEEz/prKkjyAcH+BTWnXqTeDuR4QPujP:B2vIEZLNqYAw//pHjyAc0TeD6u

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: ssee
  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks