General

  • Target

    0a9de49281cf90a99f03cb917ac16afe

  • Size

    234KB

  • Sample

    231230-b78psadffj

  • MD5

    0a9de49281cf90a99f03cb917ac16afe

  • SHA1

    2f38ef814c67f71710b359308be5b980ac54ec46

  • SHA256

    66e9a440c0e4719ed9c472be00302f7a1176f48b5e0153284abc0c8060d70306

  • SHA512

    c4d9337619f718ec20059cc32470243fc608c20145cf4cbe27282f6c6aab0672d85771e625806a42aaaa7fe440cec87930eca050cc391cd30c86907a6e3a67b5

  • SSDEEP

    6144:S9X0G6PHRrBTA8lVcf5fNMRkjqm5kDy8iGLkA:00zfRxAschfSOczToA

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b5i8

Decoy

bottleandaura.com

lacrashreports.com

delgoods.com

chothuelieucamtrai.com

ritme.net

theteletraan.com

entrxia.com

betandget.net

bench-oat.com

sxccls.com

stokenewingtonmusicschool.com

yuanwenhui.com

vaxmag.com

soilandseedgardens.com

madewithpreset.com

whowouldyouliketospeak.com

tapforamow.com

dabanse.com

videospot.info

freemiumacademy.com

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks