General

  • Target

    0f03eab5505bb4a4df99ccead0fc28f4

  • Size

    1.0MB

  • Sample

    231230-ffhfqsafa9

  • MD5

    0f03eab5505bb4a4df99ccead0fc28f4

  • SHA1

    3b77986e8695f04266eb03393272a7fc66d5415d

  • SHA256

    aaa40ee2b509dc2b3a2f12f62d70565c85eb9aa13a7efd43bb86cfba0a3e1a88

  • SHA512

    bfa9cd5a58bae5db8331789fdee64e30127b74f4fee95360c2029e0fe35d864207d2dcf25e568dcfd7b5ac9929b56ad522ac8064607ad9216493a56d8dd3aab8

  • SSDEEP

    24576:Dqz0NjVC/d3mK64J2R2CAkll97v7PPR67G:WcRK64JdC1lllzHo7

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ushb

Decoy

shopcavo.com

spowerschool.com

freekylerittenhouse.info

wipe4all.com

wounded-deer.com

poetasamigosypensadores.com

qteap.com

car-bingo.com

selbaje.com

amigofincorp.com

dirty-underwear.com

theyongeseries.com

watertreeinc.com

gemmacarulla.com

lauramagni.com

darkfliks.com

jjayphoto.com

chinnanmotors.com

intentionaltalentsolutions.com

oxiaer.com

Targets

    • Target

      0f03eab5505bb4a4df99ccead0fc28f4

    • Size

      1.0MB

    • MD5

      0f03eab5505bb4a4df99ccead0fc28f4

    • SHA1

      3b77986e8695f04266eb03393272a7fc66d5415d

    • SHA256

      aaa40ee2b509dc2b3a2f12f62d70565c85eb9aa13a7efd43bb86cfba0a3e1a88

    • SHA512

      bfa9cd5a58bae5db8331789fdee64e30127b74f4fee95360c2029e0fe35d864207d2dcf25e568dcfd7b5ac9929b56ad522ac8064607ad9216493a56d8dd3aab8

    • SSDEEP

      24576:Dqz0NjVC/d3mK64J2R2CAkll97v7PPR67G:WcRK64JdC1lllzHo7

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks