General

  • Target

    320b22093312d875750b0bded437044a

  • Size

    672KB

  • Sample

    231231-l4deksbeh8

  • MD5

    320b22093312d875750b0bded437044a

  • SHA1

    a3ff287205d2f0fcbc0b8ef52606db20eb9067f2

  • SHA256

    d600b67d25533d1119d391f1448aa3ab62be584706ec804d2cb9b11ff6fbf33e

  • SHA512

    ae1b568715a668b8620be1f0fc689f152576a708ae592ccbd385edc65d02e73ad3700249603b2d8bf5b4f034ad4ff5835d8810e3637577ef1f36ec2a4bca7fd2

  • SSDEEP

    12288:MXe9PPlowWX0t6mOQwg1Qd15CcYk0We1lY3l9x+vY61YtkDu6o+bplB:phloDX0XOf4w9cJu6o+bplB

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    p3q8

  • Decoy


Targets


    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks