General

  • Target

    31906b742c04859d95c6ebf9a5f94b83

  • Size

    1.3MB

  • Sample

    231231-lt2dnahbb6

  • MD5

    31906b742c04859d95c6ebf9a5f94b83

  • SHA1

    a3f982de577ac410ee2fe6e0ef3d2400b9e0f66a

  • SHA256

    3d948a7f2044c1ee2fe821212c22234f7fc8caae7a81b257abbedc39ae17b6e4

  • SHA512

    54cd8495fdafd3762c066f6f49aae0477a59868bcdd6423358a99b083e964fb54ad31deb367da464c970b544886c1deb1589025effb2ab5af6c876cc6cf048d8

  • SSDEEP

    24576:e8s2L74wp7Fd0D5wHcgsVPorazZ+Dq9RE7:eb2L7HLM5wHcgkorU+DS

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    b0ar

  • Decoy

    fbadformula.com
    appdios.com
    guyhoquet-immobilier-drancy.com
    pokerwiro.com
    maxwellhospitaljaipur.com
    88n9.com
    bennypc.com
    corcoranconsult.com
    cuidatusaludcuidatucasa.com
    motlakfitnes.com
    laurahurricanerelief.com
    nostacktofullstack.com
    privsec-mail.com
    andalusaihealth.com
    doosanmodelhouse.com
    quickbookaccountingpro.com
    falconrysouk.com
    vnielvmdqxk538.xyz
    asshop.space
    mhscdnv1.club

Targets

    • Target

      31906b742c04859d95c6ebf9a5f94b83

    • Size

      1.3MB

    • MD5

      31906b742c04859d95c6ebf9a5f94b83

    • SHA1

      a3f982de577ac410ee2fe6e0ef3d2400b9e0f66a

    • SHA256

      3d948a7f2044c1ee2fe821212c22234f7fc8caae7a81b257abbedc39ae17b6e4

    • SHA512

      54cd8495fdafd3762c066f6f49aae0477a59868bcdd6423358a99b083e964fb54ad31deb367da464c970b544886c1deb1589025effb2ab5af6c876cc6cf048d8

    • SSDEEP

      24576:e8s2L74wp7Fd0D5wHcgsVPorazZ+Dq9RE7:eb2L7HLM5wHcgkorU+DS

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks