General

  • Target

    089176f8b75aeadbe1340475a97b64b3

  • Size

    587KB

  • Sample

    231230-aseygshcdq

  • MD5

    089176f8b75aeadbe1340475a97b64b3

  • SHA1

    750cefa894e5f6de4bca165835548b101bfc904e

  • SHA256

    4adb1957fc3c427382fe6fa8daaa5af58bffd5aa251daaaa73604ec7355eadf5

  • SHA512

    06d8faed66269213fdab47a7849e44b93e8411d1299987e3d381a8b2720f821010a03b0d9c3b26989971b9f8586d95f56bafbce06b787a85f835e15792f5f912

  • SSDEEP

    12288:SOsBgo0q4wMdDe7zc4nR/2alBJ0pZ1J2qdHFNlMejiuDDGljcp0RQw0wp/:SOsBgo0q4wMd0Tn044pZ1AI7jxSCp2Qi

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    c3sc

  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks