General

  • Target

    18dd0b9f7b648193b82f7dd5160e1a91

  • Size

    395KB

  • Sample

    231230-pxkf4aahcr

  • MD5

    18dd0b9f7b648193b82f7dd5160e1a91

  • SHA1

    4cb6719e2b538a45b6038290cbd9dfad8fcbd32d

  • SHA256

    7341f754c4a5399fb37e2f6432f3ceaadc9a4f82fea30f0c4b0543ad1d684dbb

  • SHA512

    8126eafd73c104ed7df0e8dc1c7a0b25a51d5c61fac60e5afeccd3496601bfc7894542684f7f92535af41261fa196918c6a62b5d2d44e78739edce640e2d3971

  • SSDEEP

    12288:odWk7SNNmeeKjEVPD/G36HbVEnRiZAPtHSw:owQeeRPUEbViiZ2j

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

snaa

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
