General

  • Target

    35b7cbb59dc298466c90222309a6adb2

  • Size

    860KB

  • Sample

    231231-pb7z9seaen

  • MD5

    35b7cbb59dc298466c90222309a6adb2

  • SHA1

    989158aa5c040d59bb9ed71f7807414d7b2a0b9c

  • SHA256

    4ef05b7079b1bf345f4759f1969a44faef7e2735e5e92d3f84d778b988d4287e

  • SHA512

    6abede088a65b31a53679228e4685c3dba9e3eee799b198bd4a28e27cba88a01f5ea908227306df4a944b3bcf7d952d617ac4f7eb3e8c7c1149c828ab13132e6

  • SSDEEP

    12288:+kjipAqZZoR65AXwgFvuSS1IBATKqyUhhJq+PpuYSx++0r7xibjcUmxVHeQU7:woR6qgjuWvjSx++0rGjI/eZ

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b8eu

Decoy
Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks