General

  • Target

    0caeede0ee9b597823c03af4c06a139c

  • Size

    774KB

  • Sample

    231230-dsdl7sadbk

  • MD5

    0caeede0ee9b597823c03af4c06a139c

  • SHA1

    0cd954dc30c08e4b05c79967bc950e1729b7af8a

  • SHA256

    5526626d6c51b9056c5e143b17975fce5495c9ffda0744c74767b232b1239eae

  • SHA512

    c3b3f8bb5dbd2fb40d754b68c86e9702fce34eec3ab9f1f0efd1844df0936bdbc4623a4fac36a16e79059af41e17513e1047443057e06936180c8e1575064095

  • SSDEEP

    24576:GXfiAzBJrrt4o02ahQDKU9g3hemnGoDi+:wfdz3rrtH0F6Wd3v

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uqf5

Decoy

suiddock.com

sweetgyalshop.com

puterigarden.com

orangestoreusa.com

prostirkarpat.com

ajierfoods.com

mindlablearning.com

factiive.net

beautifulbrokenhearts.com

direcionalreservapraca.com

tvhoki.com

themoderncoachinstitute.com

classactionwalgreens.com

haloog.com

sachinkaushik.com

daleearnhardtjrchevyvip.com

disconight.net

ocyslibes.icu

encounterfy.com

infamoudpapertrail.com

Targets

    • Target

      Order.exe

    • Size

      1019KB

    • MD5

      8035a8a6435078dafbc920a1ff224d57

    • SHA1

      6596b759833a7580758634e75a878c387b21ff98

    • SHA256

      8ff564a57fcca6daaa6319451c7ccb61537b02b513b8b262a5f76348b70d0287

    • SHA512

      352f74524a9095f42999b307054c5a12fa372359e5d46b406f6718b4106506696ef07d8fd6fcba5443c89ae96bdb02a2c0df689f470088e5d3d79fb1bf8673a5

    • SSDEEP

      24576:C8PGQ+EcKrvDBUgSniJNZSp9lcZUYuAl4KaGiRusf:62KgSiJNoTGuY6LGiRu

    Score
    10/10
    • Xloader

      Xloader is the rebranded continuation of the Formbook information stealer; the extracted config above (a short campaign ID plus a list of domains in which a single live C2 is hidden among decoys) is the Formbook config format.

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext
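
The report gives two things a responder can act on immediately: file digests for the two analysed samples and the domain list from the extracted config. Below is an added example, not part of the sandbox report or of any tool it came from, that turns them into checks. It computes md5/sha1/sha256 in one pass and compares them with the reported values, and it matches DNS query names against the config domains by label suffix (so `www.suiddock.com` hits and `notfactiive.net` does not). The line format of the DNS log, the `SAMPLE_DNS_LOG` entries and all function names are assumptions made for the demo; only the hashes and domains are copied from the report. One caveat: Xloader/Formbook beacons to several of its decoys as well as the real C2, and decoys are often legitimate sites, so a hit is a lead on the querying host, not evidence against the domain.

```python
"""Checks built from the Xloader config above (added example, not part of the report).

Hashes and the domain list are copied from the report; the DNS log lines near the
bottom are constructed for the demo.
"""
import hashlib
import re
from typing import Iterable, Iterator

# Digests as reported for the two files the sandbox analysed.
REPORTED_DIGESTS = {
    "0caeede0ee9b597823c03af4c06a139c": {
        "md5": "0caeede0ee9b597823c03af4c06a139c",
        "sha1": "0cd954dc30c08e4b05c79967bc950e1729b7af8a",
        "sha256": "5526626d6c51b9056c5e143b17975fce5495c9ffda0744c74767b232b1239eae",
    },
    "Order.exe": {
        "md5": "8035a8a6435078dafbc920a1ff224d57",
        "sha1": "6596b759833a7580758634e75a878c387b21ff98",
        "sha256": "8ff564a57fcca6daaa6319451c7ccb61537b02b513b8b262a5f76348b70d0287",
    },
}

# All domains from the extracted config. Xloader/Formbook mixes one live C2 into a
# list of decoys and beacons to several of them, so treat a hit as a hunting lead
# on the querying host, not as proof that the domain itself is malicious.
CONFIG_DOMAINS = frozenset({
    "suiddock.com", "sweetgyalshop.com", "puterigarden.com", "orangestoreusa.com",
    "prostirkarpat.com", "ajierfoods.com", "mindlablearning.com", "factiive.net",
    "beautifulbrokenhearts.com", "direcionalreservapraca.com", "tvhoki.com",
    "themoderncoachinstitute.com", "classactionwalgreens.com", "haloog.com",
    "sachinkaushik.com", "daleearnhardtjrchevyvip.com", "disconight.net",
    "ocyslibes.icu", "encounterfy.com", "infamoudpapertrail.com",
})


def digest_stream(chunks: Iterable[bytes]) -> dict:
    """Compute md5, sha1 and sha256 in a single pass over chunked input."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def _read_chunks(path: str, size: int = 1 << 20) -> Iterator[bytes]:
    """Yield a file in 1 MiB chunks so large samples never sit fully in memory."""
    with open(path, "rb") as f:
        yield from iter(lambda: f.read(size), b"")


def hash_file(path: str) -> dict:
    return digest_stream(_read_chunks(path))


def matches_reported(actual: dict, reported: dict) -> bool:
    """True only if every algorithm the report lists agrees with the computed digest."""
    return all(actual.get(alg) == value.lower() for alg, value in reported.items())


def is_config_domain(qname: str) -> bool:
    """Label-wise suffix match: www.suiddock.com hits, notfactiive.net does not."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in CONFIG_DOMAINS for i in range(len(labels)))


# Assumed "<timestamp> <client-ip> query <qname>" line format, chosen for the demo.
DNS_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)$")


def find_config_hits(lines: Iterable[str]) -> list:
    """Return (timestamp, client, qname) for every query that lands in the config list."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line.strip())
        if m and is_config_domain(m["qname"]):
            hits.append((m["ts"], m["client"], m["qname"]))
    return hits


# Constructed DNS log for the demo (not taken from the report).
SAMPLE_DNS_LOG = [
    "2023-12-30T10:00:01Z 10.0.0.5 query www.suiddock.com",
    "2023-12-30T10:00:02Z 10.0.0.5 query ocyslibes.icu",
    "2023-12-30T10:00:03Z 10.0.0.7 query login.microsoftonline.com",
    "2023-12-30T10:00:04Z 10.0.0.5 query notfactiive.net",
]

if __name__ == "__main__":
    for ts, client, qname in find_config_hits(SAMPLE_DNS_LOG):
        print(f"{ts} {client} -> {qname}")
```

To confirm a file on disk is the reported `Order.exe`, run `matches_reported(hash_file(path), REPORTED_DIGESTS["Order.exe"])`; a single disagreeing digest means a different file, which is what you want when a hash has been padded or re-packed between report and retrieval. The SSDEEP values in the report are deliberately left out: they need the ssdeep library and are for similarity, not identity, so they should not gate a match decision.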

MITRE ATT&CK Matrix

Tasks