General

  • Target: 10fb4d6dd2c8f5821d0d5e7d3c3e3418
  • Size: 667KB
  • Sample: 231230-g515taeba3
  • MD5: 10fb4d6dd2c8f5821d0d5e7d3c3e3418
  • SHA1: 5287fd51aec27d2efcc7ac83aa9028478d0a5b23
  • SHA256: 17ca7eec8e12f2ef93e345b31b0af8672034ba270a01ed29f72f2bd57904f2f6
  • SHA512: 7cdd75acc113ce7c4e03f84988057df27206df89992d5fe0998622844c7b8e06c403d2f40e6c88a57c0858b177a012e3cbb78a0a6fc121746093b63d163729bf
  • SSDEEP: 6144:+NUZhtYyFJLgGXVFalbjc1U+e8h/6qy22kA76CPPoGdAv71qCspOXePQ66n:+eZhqKqbjkU+Pv23VHoIiMCsAXePQF

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: r48a
  • Decoy domains:
      casaropm.com
      yatejiaoyu.com
      camelotandco.com
      membershipbranding.com
      eve-tcs.com
      cravingzapp.com
      zdflive.com
      marksthoughtoftheday.com
      livefutebol.com
      malibuclassix.com
      home-job-work.com
      italifestyleclothing.com
      integrityrose.life
      splitfield.com
      dabanse.com
      diegobreak.icu
      luederfleetservices.com
      beyond-cultures.com
      baawmar.net
      quwaza.com

Targets

  • Xloader: Xloader is a rebranded version of Formbook malware.
  • Xloader payload
  • Suspicious use of SetThreadContext
