General

  • Target: 316117c4290a6293368dc1d49ef5cf11
  • Size: 252KB
  • Sample: 231231-lql5kagah4
  • MD5: 316117c4290a6293368dc1d49ef5cf11
  • SHA1: 14e6d42121e534f61244e5096380cf36138a88e4
  • SHA256: 5b127ba9e944e4b488f41fe31a345d14ea87b4f812074208480d79739c3795ea
  • SHA512: 5f4e2efa25b164cc4b3820dde68a55f77915357544ba5f751d44cc654c287bfcc0e325a020a46a683d7e3d9e688efc27be3fcb1e83b01941f3ac623a5de65e7e
  • SSDEEP: 6144:Cd53TvpHeIl0/fnSQzarEoYmvVBAamv9lulRi6cvM3MSflfH:Cd53TvpHeIl0/fnjzaDYmvnAakucvGfZ

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: p596
  • Decoy domains:
    • ushistorical.com
    • lovepropertylondon.com
    • acupress-the-point.com
    • 3772548.com
    • ambientabuse.com
    • primaveracm.com
    • themidwestmomblog.com
    • havasavunma.com
    • rockyroadbrand.com
    • zzphys.com
    • masque-inclusif.com
    • myeonyeokplus.com
    • linkernet.pro
    • zezirma.com
    • mysiniar.com
    • andreamall.com
    • mattesonauto.com
    • wandopowerinc.com
    • casaurgence.com
    • salishseaquilts.com

Targets

    • Target: 316117c4290a6293368dc1d49ef5cf11
    • Size: 252KB
    • MD5: 316117c4290a6293368dc1d49ef5cf11
    • SHA1: 14e6d42121e534f61244e5096380cf36138a88e4
    • SHA256: 5b127ba9e944e4b488f41fe31a345d14ea87b4f812074208480d79739c3795ea
    • SHA512: 5f4e2efa25b164cc4b3820dde68a55f77915357544ba5f751d44cc654c287bfcc0e325a020a46a683d7e3d9e688efc27be3fcb1e83b01941f3ac623a5de65e7e
    • SSDEEP: 6144:Cd53TvpHeIl0/fnSQzarEoYmvVBAamv9lulRi6cvM3MSflfH:Cd53TvpHeIl0/fnjzaDYmvnAakucvGfZ

    Score: 10/10

    Signatures:
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks