General

  • Target: 3a0f86482d12e9d3a275763997708d9b
  • Size: 1.2MB
  • Sample: 231231-rzn86saag3
  • MD5: 3a0f86482d12e9d3a275763997708d9b
  • SHA1: 3f0c0e46ccc58b066331946101c9c8004fa8c9b2
  • SHA256: b5918ac7fd3c3323260a3158fe0230b58cdb7098bb659285374e5e2dc1c75f7d
  • SHA512: a2cad015fcb45163fdff6d99b5518d952635c7b0e19a47b31f8736f8a12ba21df1f13f0fa79e6e749dce826aeda0aa7e1ab42fd6138e96992fce59368bf52b5a
  • SSDEEP: 12288:NYokHiZLn+XEPxm8lh0CmGIwV3r5lUtWeiQR2q0+aeSj1fZ0SW64+mRyK033kwsG:NYccCmDGOsBgo0q4wM3L2q/rKLh3HzM

Score: 10/10

Malware Config

Extracted

Family: xloader

Version: 2.3

Campaign: u3r5

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks