General

  • Target: 0c37bf73901929bf4bdfe5866fcc6480
  • Size: 708KB
  • Sample: 231230-dc7kcafeen
  • MD5: 0c37bf73901929bf4bdfe5866fcc6480
  • SHA1: 48f8fe70203026cbba48e232cd9dcb03e24bd5f8
  • SHA256: 05700b1d00f837ae2282c6236ccfa042833a84a54c933b76d096c5bf57653759
  • SHA512: 8d49040326b22f8eccc4a66ff277b962036803a776e01d9f0cb4847abfcffd979a33604ba8f7d8b5ff087dfec30d29cb78cece6661d7672827d365cf12e28220
  • SSDEEP: 12288:LnkenmADSt6pfjOJIVXCvJv7imHmUnIM1EACprKsKOV:bkenScCIVSvJi6ZnIM1EACYy

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: ez2z
  • Decoy
Targets
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks