General

  • Target: 0c54f2f7bca44d750e64872e19f622aa
  • Size: 679KB
  • Sample: 231230-dgqgmagcal
  • MD5: 0c54f2f7bca44d750e64872e19f622aa
  • SHA1: 750412f913163e02cafd62d87e9d6a932d7a87e7
  • SHA256: ee0072bfa491f44ca7379ea10a57c49e384180abf7998f2f4a8b08d4fd24c176
  • SHA512: 5ca95232b85faeec19e791ef5552047249869d4e0a71bbd729e0d987aa3d91875489b91c5e3af9f494ab681a0520801c54f3c741ff9339bb59594d2282e5f3ca
  • SSDEEP: 12288:neZhU92Phc8yRRJsGeY7+M5kvJvfyLIurAXq08Vhdm:n52pkJsGeO+M5kyIuiqhho

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: h388

  • Decoy: 20 decoy domains (list omitted)

Targets

  • Xloader: Xloader is a rebranded version of Formbook malware.
  • Xloader payload
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks