General

  • Target

    0bb660af76cd316fd2dae5a66506a1a7

  • Size

    506KB

  • Sample

    231230-cy7xkaceal

  • MD5

    0bb660af76cd316fd2dae5a66506a1a7

  • SHA1

    1765a7f9b76bc22b89a5d74997a54c5c5be28450

  • SHA256

    d53bae4b5ce931f64224d180b42eda418516d524ae0623571069c6bc30845fa3

  • SHA512

    0551c44663ecc9b5ce8c27999c7b22067fee4c4769a906f42341e666688807d01f7abdad65f6159e0c6104bde20dde028e49496b065bf8147e54da71ae334e1b

  • SSDEEP

    12288:S7ixuBYYUltDe9syZLZQ5+SDW1afioyS3+lpq4e7:S7ixufUbCsKLZQ5+SDW1di1/7

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

hf9j

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks