General

  • Target: 0eb57a45752250a02951ac1fd7e79061
  • Size: 1.6MB
  • Sample: 231230-e87qnaghc4
  • MD5: 0eb57a45752250a02951ac1fd7e79061
  • SHA1: c5f35af89e31633b921f81ca037d37bc27a5d189
  • SHA256: a521b489989a9c3e92621174ec90982d6bbf04ddc074eff4feef54c18017418c
  • SHA512: 1854fa87ef160023546d107fe391534ff6947196c4e89bc130619ffca5ad4ea91a6b6007f320de16e286c36ffc149c4e0a3db1cdc93225499c623b44ab329c61
  • SSDEEP: 24576:phOc1xW5oaXpcB7mVSaccPuvcd5OGQT/1/0nS+7n4SYwqK4zf3RTsAHWAgqChJ+T:TAiecqBRNT4wgp/anPCfNQuiNB/e

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: uisg
  • Decoy domains:
      editions-doc.com
      nbchengfei.com
      adepojuolaoluwa.com
      wereldsewoorden.com
      sjstyles.com
      indigo-cambodia.com
      avrenue.com
      decaturwilbert.com
      tech-really.com
      kimurayoshino.com
      melocotonmx.com
      njrxmjg.com
      amandadoylecoach.com
      miniaide.com
      kocaeliescortalev.com
      ycxshi.com
      f4funda.com
      126047cp.com
      projecteutopia.com
      masksforvoting.com

Targets

    • Target: 0eb57a45752250a02951ac1fd7e79061 (1.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

    • Score: 10/10
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext
