General

  • Target

    08c8c740498b3da7a6a7d1712a1b2b6c

  • Size

    716KB

  • Sample

    231230-azsg6aafdr

  • MD5

    08c8c740498b3da7a6a7d1712a1b2b6c

  • SHA1

    2b9aca7ac1d912f8cef14cc7bb120f2a7f2d0e6b

  • SHA256

    0c5e61b415a6ebd50f07b9a3eab5bb7fd6b501715e9f3968c4ea2dbc7323f189

  • SHA512

    3d2772666f4d3f04c87129ef97706a57d133b21341edd2951387d3f2eab0ccd632ec83aa0ae30bef7c379a5b90629901d6c3445637d68a5e621bff8fe6b1483c

  • SSDEEP

    6144:D+L4gXFiC+KCtx0LQ/LN0vZsz7THjGyV6HOo3DdHlAaKs8ALSrjU50nhEpGZq8aq:D+L5SKS0YUuzHNonRHh7QEhGVaQ1

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6cu

Decoy

votreconseilfinancier.com

wholesaleplay.com

komfy.store

hsyunfan.com

tournamenttips.com

yourbusine.xyz

wrg-referrals.com

harmless-oily.com

whizdomtowealth.com

xusmods.com

cleanerstoday.com

finopscert.com

paerexpress.com

kankb.com

res-o.info

balonpantolon.com

freedownloadbiz.info

jeffegriffin.com

gobahis119.com

ourcalvinsarm.com
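
The twenty domains above come from the sample's embedded Xloader configuration, and Xloader (like Formbook before it) cycles through the whole list while beaconing, with only one entry being the live C2 and the rest decoys; the report does not say which is which. The script below is an added example, not code from the sandbox or from this report: it embeds the extracted decoy list and the file hashes, matches DNS queries against the registered domain (Xloader's embedded URLs use a `www.` host), and rates a client higher when it resolves several distinct decoys, since a single hit on a decoy may just be a legitimate visit. The DNS log lines, the log format, the client addresses and the three-domain threshold are constructed for the example.

```python
"""IOC matcher built from the Xloader 2.3 / campaign b6cu extraction.

Added example; not code from the sandbox or this report. The DNS log
format, the client addresses and the confidence threshold are assumptions.
"""
import hashlib
import re
from collections import defaultdict

# Decoy/C2 domain list taken verbatim from the extracted configuration.
DECOY_DOMAINS = frozenset({
    "votreconseilfinancier.com", "wholesaleplay.com", "komfy.store",
    "hsyunfan.com", "tournamenttips.com", "yourbusine.xyz",
    "wrg-referrals.com", "harmless-oily.com", "whizdomtowealth.com",
    "xusmods.com", "cleanerstoday.com", "finopscert.com",
    "paerexpress.com", "kankb.com", "res-o.info", "balonpantolon.com",
    "freedownloadbiz.info", "jeffegriffin.com", "gobahis119.com",
    "ourcalvinsarm.com",
})

# File hashes from the report, used to confirm a file on disk is this sample.
REPORT_HASHES = {
    "md5": "08c8c740498b3da7a6a7d1712a1b2b6c",
    "sha1": "2b9aca7ac1d912f8cef14cc7bb120f2a7f2d0e6b",
    "sha256": "0c5e61b415a6ebd50f07b9a3eab5bb7fd6b501715e9f3968c4ea2dbc7323f189",
}

# Constructed DNS log: "<timestamp> <client> query <qname>" (assumed format).
SAMPLE_DNS_LOG = """\
2023-12-30T09:14:02Z 10.0.0.5 query www.votreconseilfinancier.com.
2023-12-30T09:14:07Z 10.0.0.5 query www.wholesaleplay.com.
2023-12-30T09:14:12Z 10.0.0.5 query www.komfy.store.
2023-12-30T09:14:15Z 10.0.0.9 query www.tournamenttips.com.
2023-12-30T09:14:20Z 10.0.0.20 query updates.example.org.
2023-12-30T09:14:25Z 10.0.0.5 query www.votreconseilfinancier.com.
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)$")


def match_decoy(qname):
    """Return the configured domain that qname equals or sits under, else None.

    Walks from the full name up to the registered domain so that the
    'www.' hosts Xloader actually queries still match the bare entries.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def scan_dns_log(text, high_threshold=3):
    """Group decoy hits per client; several distinct decoys from one host
    is the Xloader beacon pattern, a single hit could be ordinary browsing."""
    hits = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        domain = match_decoy(m["qname"])
        if domain:
            hits[m["client"]].add(domain)
    return {
        client: {
            "domains": sorted(domains),
            "confidence": "high" if len(domains) >= high_threshold else "low",
        }
        for client, domains in hits.items()
    }


def check_sample_hashes(data):
    """Compare a file's digests with the report; all True means same sample."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in REPORT_HASHES.items()
    }


if __name__ == "__main__":
    for client, verdict in scan_dns_log(SAMPLE_DNS_LOG).items():
        print(client, verdict["confidence"], ", ".join(verdict["domains"]))
```

Because the live C2 is hidden among decoys that may be legitimate sites, block or alert on the multi-domain pattern per host rather than blacklisting the whole list, and confirm the hashes before attributing a file to this campaign.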

Targets

    • Xloader

      Xloader is a rebranded version of the Formbook information stealer.

    • Xloader payload

    • Suspicious use of SetThreadContext (rewriting another thread's context to redirect execution, a common step in process hollowing and other injection)

MITRE ATT&CK Enterprise v15

Tasks