General

  • Target

    113286f80f81317488aa39f931bde38f

  • Size

    679KB

  • Sample

    231230-hcjkqsfef7

  • MD5

    113286f80f81317488aa39f931bde38f

  • SHA1

    e6c32240a28d90156493dd84360e083f0899ce36

  • SHA256

    25a0902b3158cd4c095c68e6f549d8a8f26415037bf234c17b052fa70574caf3

  • SHA512

    26007e3e7c671f24910b2734c49ac3b99ce19b62c4e2b6a309901189d8f7520dc5e0f070857c1979b3584bb2c4b351043a910b9010e60c9104fd38233b5e63be

  • SSDEEP

    12288:SKqJZ4sLu1XsqA+aYX9fy+bVTuCv4xFlkyDZ6U+:T6ZhLuWqA5MLQxbdB+

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

usvr

Decoy (domains carried in the config; Xloader, like Formbook, sends traffic to the decoy domains as well as to the real C2, so any single entry below is a lead to triage, not a confirmed C2)

theblockmeatstore.com

drone-moment.com

srsfashionbd.com

kylayagerartwork.com

instagrams.tools

rosenwealth.com

indicraftsvilla.com

rswizard.com

irist.one

pubgclaimx14.com

thegeorgiahomefinder.com

unusualdog.com

kifayatikart.com

methodunit.net

bavarian-luxury.com

17391000.com

ipcsaveday.com

yael-b.com

pasionqueconecta.com

youngsvideography.com
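The block below is an added example, not the sandbox's own code, showing how a responder would put the extracted config and the sample hashes above to work: parse the flattened config block as the report presents it, check a file against the listed digests, and match DNS queries against the decoy domains on label boundaries (so notrswizard.com does not hit rswizard.com). The DNS log format and its lines are constructed for the example; the per-client count exists because Xloader cycles through its domain list, so one client touching several of these domains is far stronger evidence than a single match to a domain that may simply be a legitimate site.

```python
import hashlib

# Values transcribed from the report above: the sample's digests and the
# extracted Xloader 2.3 configuration. The DNS log further down is constructed.
REPORT_HASHES = {
    "md5": "113286f80f81317488aa39f931bde38f",
    "sha1": "e6c32240a28d90156493dd84360e083f0899ce36",
    "sha256": "25a0902b3158cd4c095c68e6f549d8a8f26415037bf234c17b052fa70574caf3",
    "sha512": "26007e3e7c671f24910b2734c49ac3b99ce19b62c4e2b6a309901189d8f7520dc5e0f070857c1979b3584bb2c4b351043a910b9010e60c9104fd38233b5e63be",
}

CONFIG_TEXT = """\
Family
xloader
Version
2.3
Campaign
usvr
Decoy
theblockmeatstore.com
drone-moment.com
srsfashionbd.com
kylayagerartwork.com
instagrams.tools
rosenwealth.com
indicraftsvilla.com
rswizard.com
irist.one
pubgclaimx14.com
thegeorgiahomefinder.com
unusualdog.com
kifayatikart.com
methodunit.net
bavarian-luxury.com
17391000.com
ipcsaveday.com
yael-b.com
pasionqueconecta.com
youngsvideography.com
"""

CONFIG_KEYS = ("Family", "Version", "Campaign", "Decoy")


def parse_config(text):
    """Parse the flattened 'Key / value / value' block into key -> [values]."""
    config = {key: [] for key in CONFIG_KEYS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in CONFIG_KEYS:
            current = line          # a bare key line switches the field
        elif current is not None:
            config[current].append(line)
    return config


def identify_sample(data):
    """Return the names of the report's digests that these bytes match."""
    return [name for name, expected in REPORT_HASHES.items()
            if hashlib.new(name, data).hexdigest() == expected]


def domain_matches(qname, decoy):
    """True if qname is the decoy domain or a subdomain of it (label-boundary match)."""
    q = qname.lower().rstrip(".")
    return q == decoy or q.endswith("." + decoy)


# Constructed DNS log, one query per line: "<timestamp> <client> <qname> <qtype>".
SAMPLE_DNS_LOG = """\
2023-12-30T09:12:01Z 10.0.0.5 www.theblockmeatstore.com A
2023-12-30T09:12:02Z 10.0.0.5 rswizard.com A
2023-12-30T09:12:03Z 10.0.0.7 notrswizard.com A
2023-12-30T09:12:04Z 10.0.0.7 example.org A
2023-12-30T09:12:05Z 10.0.0.5 IRIST.ONE. A
"""


def match_dns_log(log_text, decoys):
    """Return (timestamp, client, qname, decoy) for each query hitting a config domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ts, client, qname = parts[0], parts[1], parts[2]
        for decoy in decoys:
            if domain_matches(qname, decoy):
                hits.append((ts, client, qname, decoy))
                break
    return hits


def decoys_per_client(hits):
    """Count distinct config domains each client contacted."""
    seen = {}
    for _, client, _, decoy in hits:
        seen.setdefault(client, set()).add(decoy)
    return {client: len(domains) for client, domains in seen.items()}


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    found = match_dns_log(SAMPLE_DNS_LOG, cfg["Decoy"])
    for hit in found:
        print("hit:", hit)
    print("distinct config domains per client:", decoys_per_client(found))
```

To check a file on disk against the report, pass its bytes to identify_sample; an empty list means none of the four digests matched, which rules out this exact sample but not a repacked build of the same campaign.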

Targets

    • Target

      113286f80f81317488aa39f931bde38f (hashes and score as listed under General above)
    • Xloader

      Xloader is a rebranded version of the Formbook infostealer and keeps its config layout: a campaign ID plus a list of decoy domains, as extracted above.

    • Xloader payload

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the saved register state of a thread, usually one created suspended. Outside a debugger this is characteristic of process hollowing and thread hijacking, where execution is redirected to injected code.

MITRE ATT&CK Matrix

Tasks