General

  • Target

    11a6b8b5f238e0bbfa70f1abe2f9bd27

  • Size

    692KB

  • Sample

    231230-htx5fsadd9

  • MD5

    11a6b8b5f238e0bbfa70f1abe2f9bd27

  • SHA1

    932de02950bd3553e23d2aac3f85e0ee1c84ca66

  • SHA256

    bdd6383b7dfbfda55390784b0376e669922bff5dd1de596e971348bbf2b5c2c3

  • SHA512

    67f89c4365267cef5031e0f180e65bd4ed3691c28ccac1b87affd1f2afdf2a344fdca3a6d8d37c496676e81e845575e2e50bfe21a0db251a390726e262f479d2

  • SSDEEP

    12288:ZQBD85LxOU/pfnRNLCuIg638uKfNHG8EuPYC8t:FVxX/tnWN3sNQ

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

r48a

Decoy

casaropm.com

yatejiaoyu.com

camelotandco.com

membershipbranding.com

eve-tcs.com

cravingzapp.com

zdflive.com

marksthoughtoftheday.com

livefutebol.com

malibuclassix.com

home-job-work.com

italifestyleclothing.com

integrityrose.life

splitfield.com

dabanse.com

diegobreak.icu

luederfleetservices.com

beyond-cultures.com

baawmar.net

quwaza.com
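How to use the extracted config for hunting, as an added example that is not part of the sandbox report: XLoader/Formbook configs carry a long list of domains of which most are decoys (often legitimate sites) and only one is the live C2, so blocking or alerting on the domains alone produces false positives. A stronger signal is one client sending campaign-shaped requests to several of the configured domains. The URI shape used below (GET /<campaign>/?<k>=<v>... and POST /<campaign>/, with the campaign ID r48a as the path) is a commonly documented Formbook pattern and is treated here as an assumption; the proxy-log format and the log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Values taken from the extracted config in the report above.
CAMPAIGN = "r48a"
CONFIG_DOMAINS = {
    "casaropm.com", "yatejiaoyu.com", "camelotandco.com", "membershipbranding.com",
    "eve-tcs.com", "cravingzapp.com", "zdflive.com", "marksthoughtoftheday.com",
    "livefutebol.com", "malibuclassix.com", "home-job-work.com", "italifestyleclothing.com",
    "integrityrose.life", "splitfield.com", "dabanse.com", "diegobreak.icu",
    "luederfleetservices.com", "beyond-cultures.com", "baawmar.net", "quwaza.com",
}

# Constructed, simplified proxy-log format: "<timestamp> <client_ip> <method> <host> <path>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>GET|POST)\s+(?P<host>\S+)\s+(?P<path>\S+)$"
)


def parse_line(line):
    """Parse one constructed proxy-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def normalise_host(host):
    """Lower-case the host, drop a trailing dot and a leading 'www.' so it matches the config list."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def is_campaign_beacon(method, path, campaign=CAMPAIGN):
    """Assumed beacon shape: GET /<campaign>/?<query> or POST /<campaign>/ (assumption, see lead-in)."""
    prefix = f"/{campaign}/"
    if method == "POST":
        return path == prefix
    return path.startswith(prefix + "?")


def hunt(lines, campaign=CAMPAIGN, domains=CONFIG_DOMAINS, min_domains=3):
    """Return {client_ip: sorted config domains} for clients that sent campaign-shaped
    requests to at least min_domains distinct config domains. Plain browsing of a decoy
    domain (no campaign path) is ignored, so the decoys themselves do not trigger alerts."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host = normalise_host(rec["host"])
        if host in domains and is_campaign_beacon(rec["method"], rec["path"], campaign):
            seen[rec["src"]].add(host)
    return {src: sorted(hosts) for src, hosts in seen.items() if len(hosts) >= min_domains}


# Constructed sample log: 10.0.0.5 shows the fan-out of an infected host, 10.0.0.9 is a
# legitimate visit to a decoy domain, 10.0.0.7 is a single hit that stays below the threshold,
# and the last line hits a host that is not in the config at all.
SAMPLE_LOG = """\
2023-12-30T09:41:02Z 10.0.0.5 GET www.casaropm.com /r48a/?Jb=AbC123xyz&x7=4Qv
2023-12-30T09:41:19Z 10.0.0.5 POST yatejiaoyu.com /r48a/
2023-12-30T09:41:36Z 10.0.0.5 GET zdflive.com /r48a/?Jb=Zz9Q&x7=4Qv
2023-12-30T09:42:00Z 10.0.0.9 GET zdflive.com /index.html
2023-12-30T09:42:11Z 10.0.0.7 GET quwaza.com /r48a/?Jb=Q1&x7=4Qv
2023-12-30T09:42:30Z 10.0.0.5 GET example.org /r48a/?Jb=nope
""".splitlines()

if __name__ == "__main__":
    for src, hosts in hunt(SAMPLE_LOG).items():
        print(f"{src}: {len(hosts)} config domains hit with /{CAMPAIGN}/ -> {', '.join(hosts)}")
```

Run against real proxy or DNS logs, lower min_domains for a noisier but earlier alert, and keep in mind that the live C2 for this campaign is not distinguished in the list above, so the domain that answers with actual tasking still has to be identified from traffic or from the sample itself.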

Targets

    • Target

      11a6b8b5f238e0bbfa70f1abe2f9bd27

    • Size

      692KB

    • MD5

      11a6b8b5f238e0bbfa70f1abe2f9bd27

    • SHA1

      932de02950bd3553e23d2aac3f85e0ee1c84ca66

    • SHA256

      bdd6383b7dfbfda55390784b0376e669922bff5dd1de596e971348bbf2b5c2c3

    • SHA512

      67f89c4365267cef5031e0f180e65bd4ed3691c28ccac1b87affd1f2afdf2a344fdca3a6d8d37c496676e81e845575e2e50bfe21a0db251a390726e262f479d2

    • SSDEEP

      12288:ZQBD85LxOU/pfnRNLCuIg638uKfNHG8EuPYC8t:FVxX/tnWN3sNQ

    Score
    10/10
    • Xloader

      Xloader is the rebranded successor of the Formbook information stealer; it steals browser and mail-client credentials, logs keystrokes and takes screenshots, and its config hides the live C2 among a list of decoy domains.

    • Xloader payload

    • Suspicious use of SetThreadContext (used to redirect the entry point of a suspended thread, typical of process hollowing and other injection)

MITRE ATT&CK Matrix

Tasks