General

  • Target: 123657146d91536f96286717786d45a4
  • Size: 942KB
  • Sample: 231230-jctw5sdgc3
  • MD5: 123657146d91536f96286717786d45a4
  • SHA1: 601ad65123b6417d4b5368974247e5fe4c808d2b
  • SHA256: 4a82f9fe9128707c38e60ee4feea398d4edfcca38d066ed3670b5858d8685a05
  • SHA512: 4adaa3bd089bd5d449b00438f58fa7b30ccb3cf81731498645f44b40b387d534c68e2aab66a2c587a71e5df84578a6c5dafc7de34bd375528d1a387899b6cb9e
  • SSDEEP: 24576:GwOuJARseTMqhJqJIP4wkyKwWhmdraLqs:xPARsSZhJqy4pl4N

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: earz
  • Decoy:
    halacoupon.com
    anthos-labs.com
    hagertylabs.net
    l1992.com
    856379580.xyz
    rcbb-technologies.com
    realhoggapparel.com
    sauceprince.com
    tootingcab.com
    4chase5.com
    ordergogibibimbap.com
    nyj.xyz
    dermixspa.com
    premiergiftingco.com
    razorcentric.com
    mbrealtyadvisors.com
    officialjazz.club
    cctv006.com
    hbcuatthepolls.info
    prestamos-ya.com

Targets

    • Target: 123657146d91536f96286717786d45a4
    • Size: 942KB
    • MD5: 123657146d91536f96286717786d45a4
    • SHA1: 601ad65123b6417d4b5368974247e5fe4c808d2b
    • SHA256: 4a82f9fe9128707c38e60ee4feea398d4edfcca38d066ed3670b5858d8685a05
    • SHA512: 4adaa3bd089bd5d449b00438f58fa7b30ccb3cf81731498645f44b40b387d534c68e2aab66a2c587a71e5df84578a6c5dafc7de34bd375528d1a387899b6cb9e
    • SSDEEP: 24576:GwOuJARseTMqhJqJIP4wkyKwWhmdraLqs:xPARsSZhJqy4pl4N

    Score: 10/10

    Signatures

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks