General

  • Target

    0b7189ae34ddb29ef3dd133f441f49a7

  • Size

    1.3MB

  • Sample

    231230-csd3asagek

  • MD5

    0b7189ae34ddb29ef3dd133f441f49a7

  • SHA1

    d75fc42f93dad1aaca62cf05666bda6f6f36561d

  • SHA256

    18ca8210efe21b29666ea86a3e57b02f7b051527185261e2e4d847c1ce885bb7

  • SHA512

    ec3071ff66fe93568ac97c2135700ce6f82f3f4c9176ab3bec29a9d200d471f811ee5b0293f4ce909c9c63d25fa5f54b6be90c5b5b97036b85a32b212bea9eb9

  • SSDEEP

    24576:/CbWzraeIBS3Xvlxfg1c5uOlZcjrsK3ON:iqraeI4QHFO

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    ajs8

  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
