General

  • Target

    0c7a63c0930eeda3f9a52b4ddbd5f735

  • Size

    781KB

  • Sample

    231230-dlwt7shbdj

  • MD5

    0c7a63c0930eeda3f9a52b4ddbd5f735

  • SHA1

    c075603eafbe2b6e8b35bc6e03ca261d36395b0f

  • SHA256

    ada938bd349c969f1107fb070688745c9af6017a2114d45f469225e128c6e331

  • SHA512

    72de2b5035d2e4cf05d60a1153f26520aa4f02b7bbddc64b05dc1f0219c946c1c30c9cf27c870f4e7f68fb72e784bdfea46046b706f8904dc95830869edd00ad

  • SSDEEP

    24576:w52tnrMEE5DnTW78H2Hwn0mcDeIpHUz1OrX4+G61X:wktnZEZvc2hmXFFX

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qw2c

Decoy

wasix.net

arcadems.com

mostlygucci.com

sainternationals.com

shopgatherandbloom.com

glwengineeringdesign.com

riversidecottagebray.com

xn--anibalderedao-7eb3d.com

certifiedinsults.com

milestepcapital.com

globalexchange.pro

miekewrites.com

kx897.com

cesql.com

squarter.com

lambcrunchtimes.com

evoiko.com

mygrampasgarden.com

ruhan123.com

leveleab.com

Targets

    • Target

      0c7a63c0930eeda3f9a52b4ddbd5f735

    • Size

      781KB

    • MD5

      0c7a63c0930eeda3f9a52b4ddbd5f735

    • SHA1

      c075603eafbe2b6e8b35bc6e03ca261d36395b0f

    • SHA256

      ada938bd349c969f1107fb070688745c9af6017a2114d45f469225e128c6e331

    • SHA512

      72de2b5035d2e4cf05d60a1153f26520aa4f02b7bbddc64b05dc1f0219c946c1c30c9cf27c870f4e7f68fb72e784bdfea46046b706f8904dc95830869edd00ad

    • SSDEEP

      24576:w52tnrMEE5DnTW78H2Hwn0mcDeIpHUz1OrX4+G61X:wktnZEZvc2hmXFFX

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks