General

  • Target

    3116e0acce271b8db6857cbcd9ba96f2

  • Size

    874KB

  • Sample

    231231-lkf2csedf8

  • MD5

    3116e0acce271b8db6857cbcd9ba96f2

  • SHA1

    3abb86f17ef9377d17cc479bef4ce0d77ab2a352

  • SHA256

    5a1b75ac98b97b8d336bc39cfe1af7670da83ef462db07b134014aa828652a70

  • SHA512

    bb51b81e221047b446ca77f2c267493a448ee80e52414a604c4206896a736af860fd0e794ec40f4c66ba4e065e1c3317a7c23273b3a210cf7abd6c6b4649ff13

  • SSDEEP

    12288:P50T1z4SqPjOzZkmc0/QvAH8Jn5htK0vcsRjME5mEmeN/ukh6VWsg:etgccfCsBvrRwE59N2kh6VWH

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wufn

Decoy

rsautoluxe.com

theroseofsharonsalon.com

singnema.com

nathanielwhite108.com

theforumonline.com

iqpt.info

joneshondaservice.com

fafene.com

solanohomebuyerclass.com

zwq.xyz

searchlakeconroehomes.com

briative.com

frystmor.city

systemofyouth.com

sctsmney.com

tv-safetrading.com

thesweetboy.com

occulusblu.com

pawsthemomentpetphotography.com

travelstipsguide.com
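The hashes in the General section and the Decoy list in the extracted config are the indicators a responder actually acts on. The following Python is an added example, not output of the sandbox or code from the Xloader/Formbook sample, that turns them into two checks: verifying whether a file on disk is this exact sample (all four digests must match) and grouping DNS queries by client to find hosts that resolve several of the report's domains. The second check is deliberately cluster-based: Formbook-style configs hide the real C2 among decoy domains, many of which are ordinary sites, so one query to one of them is weak evidence, while a client that walks through several of them is the stronger signal. The DNS log format (`<timestamp> <client_ip> <qtype> <qname>`), the client IPs and the log lines themselves are constructed for the example and are not from the report.

```python
"""IOC helpers built from the Xloader report above (added example, not sandbox output)."""
import hashlib
from collections import defaultdict

# File hashes exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "3116e0acce271b8db6857cbcd9ba96f2",
    "sha1": "3abb86f17ef9377d17cc479bef4ce0d77ab2a352",
    "sha256": "5a1b75ac98b97b8d336bc39cfe1af7670da83ef462db07b134014aa828652a70",
    "sha512": (
        "bb51b81e221047b446ca77f2c267493a448ee80e52414a604c4206896a736af8"
        "60fd0e794ec40f4c66ba4e065e1c3317a7c23273b3a210cf7abd6c6b4649ff13"
    ),
}

# The 20 "Decoy" domains from the extracted config, verbatim.
DECOY_DOMAINS = frozenset({
    "rsautoluxe.com", "theroseofsharonsalon.com", "singnema.com",
    "nathanielwhite108.com", "theforumonline.com", "iqpt.info",
    "joneshondaservice.com", "fafene.com", "solanohomebuyerclass.com",
    "zwq.xyz", "searchlakeconroehomes.com", "briative.com", "frystmor.city",
    "systemofyouth.com", "sctsmney.com", "tv-safetrading.com",
    "thesweetboy.com", "occulusblu.com", "pawsthemomentpetphotography.com",
    "travelstipsguide.com",
})


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists for a file read as bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest matches; one mismatch means a different file."""
    return hash_bytes(data) == REPORT_HASHES


def report_domain_for(qname: str):
    """Return the report domain that qname equals or is a subdomain of, else None.

    Walks from the full name up to (but not including) the bare TLD, so
    'www.rsautoluxe.com.' matches 'rsautoluxe.com' while 'com' never matches.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def hosts_cycling_decoys(dns_lines, min_distinct=3):
    """Group queries by client and return clients that hit >= min_distinct report domains.

    Assumed log line format (whitespace separated): <timestamp> <client_ip> <qtype> <qname>.
    No time window is applied; add one if your log volume makes single-host clusters noisy.
    """
    seen = defaultdict(set)
    for line in dns_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line, skip rather than guess
        client, qname = parts[1], parts[3]
        hit = report_domain_for(qname)
        if hit:
            seen[client].add(hit)
    return {client: sorted(domains) for client, domains in seen.items()
            if len(domains) >= min_distinct}


# Constructed sample log: 10.0.0.5 walks through four report domains,
# 10.0.0.9 resolves only one of them (a plausible benign visit).
SAMPLE_DNS_LOG = """\
2023-12-31T10:00:01Z 10.0.0.5 A rsautoluxe.com
2023-12-31T10:00:02Z 10.0.0.5 A www.theroseofsharonsalon.com
2023-12-31T10:00:02Z 10.0.0.9 A theroseofsharonsalon.com
2023-12-31T10:00:03Z 10.0.0.5 A singnema.com
2023-12-31T10:00:03Z 10.0.0.9 A example.org
2023-12-31T10:00:04Z 10.0.0.5 A zwq.xyz
2023-12-31T10:00:05Z 10.0.0.5 A example.org
""".splitlines()


def demo():
    """Run the cluster check over the constructed log."""
    return hosts_cycling_decoys(SAMPLE_DNS_LOG)


if __name__ == "__main__":
    print(demo())
```

`matches_report` is meant to be fed `open(path, "rb").read()`; comparing all four digests rather than just MD5 avoids being fooled by a colliding MD5 or a typo in a single hash. Raising `min_distinct` trades recall for precision; with only one client in the sample reaching three distinct report domains, the default flags `10.0.0.5` and not `10.0.0.9`.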

Targets

    • Target

      3116e0acce271b8db6857cbcd9ba96f2

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext (commonly used to redirect a suspended thread into injected code, as in process hollowing)
