General

  • Target

    19f3fd34f33976e37a64d0baf70b1b90

  • Size

    441KB

  • Sample

    231230-qpjehagggp

  • MD5

    19f3fd34f33976e37a64d0baf70b1b90

  • SHA1

    2d83d40cc53885c2ba5a7f21641ecbe5c4042e10

  • SHA256

    77a828cb768b55daddfbe7022e9f0158a1261ac7752972ab06368f6b93335461

  • SHA512

    6189f7349b7db0723efa26ce3da9b378df8d376020dcc259fc271eee83f7e285ca0cd6c8176771a79a5970d041546cace912e41c6ddc9887a842f9731e793cc5

  • SSDEEP

    6144:V8FYF4XO7l+rk64dlDYv0zplGzvcqHmDJh7FQlO4swMNja1fYHWz52tcjXPnzBLU:V8F6WOR+rmd9d9DvoLsHLHmj/n0

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bbd3

Decoy (Xloader, like Formbook, ships a list of decoy domains with the live C2 mixed in among them; treat every entry as an indicator of this campaign rather than each one as a confirmed C2 server)

academianeurosapiens.com

dracaenaclub.com

goodshoup.com

ubkpay2020.xyz

desireinspiration.com

saiglobals.com

inspire-coworks.com

bidmotorsleiloes.com

fk-taiyo.com

krossspace.com

qualityda.site

compresedairsystems.com

hvacwebdesigner.com

lascapsystems.com

7434west114th.info

christajaillethomes.com

ms00852.com

aliceinhome.com

eer.xyz

eritreamatrimony.com
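The following is an added example and not part of the sandbox report: a small Python checker that turns the indicators above into something a responder can run offline. It recomputes a file's MD5/SHA1/SHA256/SHA512 and compares them to the report, and it matches DNS query log lines against the decoy-domain list with proper label-boundary handling (so `www.goodshoup.com` matches but `notgoodshoup.com` does not). The log format and the log lines are constructed for the example; SSDEEP is not recomputed because it needs the external ssdeep library.

```python
import hashlib
import re

# Hashes copied from the report above (the sample's 441KB payload).
REPORT_HASHES = {
    "md5": "19f3fd34f33976e37a64d0baf70b1b90",
    "sha1": "2d83d40cc53885c2ba5a7f21641ecbe5c4042e10",
    "sha256": "77a828cb768b55daddfbe7022e9f0158a1261ac7752972ab06368f6b93335461",
    "sha512": "6189f7349b7db0723efa26ce3da9b378df8d376020dcc259fc271eee83f7e285"
              "ca0cd6c8176771a79a5970d041546cace912e41c6ddc9887a842f9731e793cc5",
}

# Decoy-domain list from the extracted config, lower-cased for matching.
DECOY_DOMAINS = {
    "academianeurosapiens.com", "dracaenaclub.com", "goodshoup.com",
    "ubkpay2020.xyz", "desireinspiration.com", "saiglobals.com",
    "inspire-coworks.com", "bidmotorsleiloes.com", "fk-taiyo.com",
    "krossspace.com", "qualityda.site", "compresedairsystems.com",
    "hvacwebdesigner.com", "lascapsystems.com", "7434west114th.info",
    "christajaillethomes.com", "ms00852.com", "aliceinhome.com",
    "eer.xyz", "eritreamatrimony.com",
}


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, hex-encoded."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report (SHA256 alone would do,
    but checking all four catches a report transcribed with a typo)."""
    digests = hash_bytes(data)
    return all(digests[k] == v for k, v in REPORT_HASHES.items())


def domain_matches(qname: str):
    """Return the decoy domain that qname equals or is a subdomain of, else None.
    Matching is done on label boundaries, never as a plain substring."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):  # need at least two labels to form a domain
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


# Constructed log format for this example: "<timestamp> <client-ip> <queried-name>".
_LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s*$")


def scan_dns_log(lines) -> list:
    """Return one hit dict per log line whose query touches a decoy domain."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # ignore blank or malformed lines
        hit = domain_matches(m["qname"])
        if hit:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "qname": m["qname"], "indicator": hit})
    return hits


# Constructed sample log lines (not real traffic) to exercise the matcher.
SAMPLE_LOG = """\
2023-12-31T14:02:11Z 10.0.0.15 www.goodshoup.com
2023-12-31T14:02:12Z 10.0.0.15 update.microsoft.com
2023-12-31T14:02:13Z 10.0.0.22 ubkpay2020.xyz.
2023-12-31T14:02:14Z 10.0.0.22 notgoodshoup.com
2023-12-31T14:02:15Z 10.0.0.31 mail.eer.xyz
"""

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['client']} queried {hit['qname']} -> {hit['indicator']}")
    print("constructed bytes match report:", matches_report(b"not the sample"))
```

A hit on one of these domains means a host resolved something from this campaign's list; because most entries are decoys, pair the DNS hit with the file hashes or the process-injection signature below before treating a host as compromised.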

Targets

    • Target

      19f3fd34f33976e37a64d0baf70b1b90

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext (the API rewrites another thread's registers, including its instruction pointer, and is the usual final step of process hollowing or thread hijacking after a payload has been written into a remote process)
