General

  • Target

    1c0c739a4929470941eab3e7cf3a8bf1

  • Size

    326KB

  • Sample

    231230-zg78bsegcr

  • MD5

    1c0c739a4929470941eab3e7cf3a8bf1

  • SHA1

    a32beb88b7097b12cbac1fce6ee3ce14203eddda

  • SHA256

    e4f6934778af90c9743606ba732f32121601a3b227f5e881eba31595e67a8a05

  • SHA512

    80b7a66829034785a354ff54615b1931d2e0bb9c6ecaf124658158aabafc435244b7554045ba42ef7e5e7d5143400e0e5dc0181d9622397b4028ad56cd70ee4e

  • SSDEEP

    6144:2Arf0xh3Hfr5YwuLpVQHHj7XrEqjNbaiywYqzPKlrRRDtJ9DWWiOpUsDnB7ij75:xrf0P3HD5YeHj7X4s+2D+RRDRiWDp1nU

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

fznn

Decoy

petmarketsolutions.com

themummymarketplace.com

themidnightcollectivepdx.com

detoxshake.site

ross76.com

tom-tours2020.com

domoservis.com

allcombuildingsvc.com

padelshop.online

wosaying.com

heafg.com

inglesbrasileiro.com

santaclausonline.net

voiceofmagic.com

lafayettelc.com

communal-sleeve.net

extremecouponing.online

mypomate.com

rtdrillbit.com

therealtortaylor.com
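The decoy list above is the part of an Xloader config that is directly usable for hunting: Formbook and its Xloader rebrand beacon to the decoy domains as well as to the real C2, so any of these hostnames appearing in DNS or proxy logs from an endpoint is a sign the sample (or another sample from campaign fznn) ran there. The caveat is the other direction: the decoys are mostly legitimate, unrelated sites, so a single hit is a weak indicator on its own, and a hit does not tell you which domain is the real C2. The script below is an added example, not part of the sandbox report; the family, version, campaign and domain list are copied from the report, while the log lines and their `query=` / `url=` field format are constructed for illustration.

```python
"""Match DNS / proxy log hostnames against the Xloader 2.3 (campaign fznn)
decoy-domain list from the report above.

Added example, not part of the sandbox report.  XLOADER_CONFIG is copied
from the extracted config; SAMPLE_LOG and its field layout are constructed.
"""
import re
from dataclasses import dataclass

XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.3",
    "campaign": "fznn",
    "decoy": [
        "petmarketsolutions.com", "themummymarketplace.com",
        "themidnightcollectivepdx.com", "detoxshake.site", "ross76.com",
        "tom-tours2020.com", "domoservis.com", "allcombuildingsvc.com",
        "padelshop.online", "wosaying.com", "heafg.com",
        "inglesbrasileiro.com", "santaclausonline.net", "voiceofmagic.com",
        "lafayettelc.com", "communal-sleeve.net", "extremecouponing.online",
        "mypomate.com", "rtdrillbit.com", "therealtortaylor.com",
    ],
}

# Constructed log lines (hypothetical format: key=value fields, one event per line).
# Line 4 is a deliberate near-miss: "notross76.com" must not match "ross76.com".
SAMPLE_LOG = [
    "2023-12-30T23:00:01Z dns query=www.ross76.com type=A client=10.0.0.15",
    "2023-12-30T23:00:02Z proxy method=GET url=http://padelshop.online/index.php client=10.0.0.15",
    "2023-12-30T23:00:03Z dns query=update.microsoft.com type=A client=10.0.0.15",
    "2023-12-30T23:00:04Z dns query=notross76.com type=A client=10.0.0.15",
    "2023-12-30T23:00:05Z proxy method=POST url=http://THEREALTORTAYLOR.COM:8080/post.php client=10.0.0.15",
]

# Pull the hostname out of either a DNS "query=" field or a proxy "url=" field.
HOST_RE = re.compile(r"(?:\bquery=|\burl=https?://)([^\s/:?#]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    line_no: int
    hostname: str
    matched_domain: str


def normalise_host(host: str) -> str:
    """Lower-case and drop a trailing dot so comparisons are exact."""
    return host.strip().lower().rstrip(".")


def matches_domain(host: str, domain: str) -> bool:
    """True for the domain itself or any subdomain of it.

    The leading dot in the suffix test is what stops "notross76.com" from
    matching "ross76.com"; a plain endswith() would produce false positives.
    """
    host, domain = normalise_host(host), normalise_host(domain)
    return host == domain or host.endswith("." + domain)


def extract_hostname(line: str):
    m = HOST_RE.search(line)
    return normalise_host(m.group(1)) if m else None


def find_decoy_hits(log_lines, config=XLOADER_CONFIG):
    """Return one Hit per log line whose hostname falls under a decoy domain."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        host = extract_hostname(line)
        if host is None:
            continue
        for domain in config["decoy"]:
            if matches_domain(host, domain):
                hits.append(Hit(line_no, host, domain))
                break
    return hits


def summarise(hits):
    """Distinct decoy domains seen: useful for scoring, since one decoy
    could be an ordinary visit, while several from the same list is not."""
    return sorted({h.matched_domain for h in hits})


if __name__ == "__main__":
    found = find_decoy_hits(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.hostname} -> decoy {h.matched_domain}")
    print("distinct decoy domains hit:", summarise(found))
```

On the constructed input this flags lines 1, 2 and 5 (subdomain, bare domain, and an upper-case host with a port) and ignores lines 3 and 4. In practice, score an endpoint on the number of distinct decoy domains it touched in a short window rather than on any single hit, and remember that the list is config-specific: a different Xloader build will carry a different set.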

Targets

    • Target

      1c0c739a4929470941eab3e7cf3a8bf1

    • Size

      326KB

    • MD5

      1c0c739a4929470941eab3e7cf3a8bf1

    • SHA1

      a32beb88b7097b12cbac1fce6ee3ce14203eddda

    • SHA256

      e4f6934778af90c9743606ba732f32121601a3b227f5e881eba31595e67a8a05

    • SHA512

      80b7a66829034785a354ff54615b1931d2e0bb9c6ecaf124658158aabafc435244b7554045ba42ef7e5e7d5143400e0e5dc0181d9622397b4028ad56cd70ee4e

    • SSDEEP

      6144:2Arf0xh3Hfr5YwuLpVQHHj7XrEqjNbaiywYqzPKlrRRDtJ9DWWiOpUsDnB7ij75:xrf0P3HD5YeHj7X4s+2D+RRDRiWDp1nU

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
