General

  • Target

    1211e783a4c4d74c0705808877da506e

  • Size

    683KB

  • Sample

    231230-h8staachc6

  • MD5

    1211e783a4c4d74c0705808877da506e

  • SHA1

    82fad96563b114986b5b309ea86c31d7b33929ee

  • SHA256

    636593bf497bb7b2c4d58b2b82701b49ce14cedb4661cb997e900982c5293de1

  • SHA512

    911bac00d2160af5535c4ecab5a68e0163c5f958e78e18d153ba199cc17786b2c61bb71bcaf659dbc3a34a3c40a7be5ffdd50c487d0cf0d5a5dfb412c3894451

  • SSDEEP

    12288:vQoPU9FPU9Wi3YHUWfcCOsBgo0q4wMnmV04IQtM8ZBEbRUietdz6oBd:vQ7fcCOsBgo0q4wMnTQtM8Z+bqieTn

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p2io

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext