General
-
Target
2532bb13e85502232f9d27e2bea32761
-
Size
724KB
-
Sample
231231-db5pcsbdbl
-
MD5
2532bb13e85502232f9d27e2bea32761
-
SHA1
14b9515020a8185fbcf884d1f544b1c1f7dd09ce
-
SHA256
f9a00abbd20dd390ed916f6dcda26cbca5a72f6b7dcb11633d07dde6e680a67f
-
SHA512
cd3f7412ebd8754b7ede76f27a504fc1d8657b09f7b29564d5f471218101d3009d806cd99473710b151d2bd2975d0bb279ae46ba2c355b9881e88ff211e18b6d
-
SSDEEP
12288:7PPfyAL95+FkXMPg64R2IEeUT3uiG/wpGMwu3Mxv8aeGeQU7:6FkWAR2Os0tXZVeZ
Malware Config
Extracted
xloader
2.3
b8eu
ppslide.com
savorysinsation.com
camilaediego2021.com
rstrunk.net
xianshikanxiyang.club
1borefruit.com
ay-danil.club
xamangxcoax.club
waltonunderwood.com
laurabissell.com
laurawmorrow.com
albamauto.net
usamlb.com
theoyays.com
freeitproject.com
jijiservice.com
ukcarpetclean.com
wc399.com
xn--pskrtmebeton-dlbc.online
exclusivemerchantsolutions.com
Targets
-
-
Target
2532bb13e85502232f9d27e2bea32761
-
Size
724KB
-
MD5
2532bb13e85502232f9d27e2bea32761
-
SHA1
14b9515020a8185fbcf884d1f544b1c1f7dd09ce
-
SHA256
f9a00abbd20dd390ed916f6dcda26cbca5a72f6b7dcb11633d07dde6e680a67f
-
SHA512
cd3f7412ebd8754b7ede76f27a504fc1d8657b09f7b29564d5f471218101d3009d806cd99473710b151d2bd2975d0bb279ae46ba2c355b9881e88ff211e18b6d
-
SSDEEP
12288:7PPfyAL95+FkXMPg64R2IEeUT3uiG/wpGMwu3Mxv8aeGeQU7:6FkWAR2Os0tXZVeZ
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-