General

  • Target: a517d28c98162ae0abffdc146a7b5423.exe

  • Size: 341KB

  • Sample: 240107-ycr5wacgcn

  • MD5: a517d28c98162ae0abffdc146a7b5423

  • SHA1: 64cd85e9376c7788f39a6cf42e30ad527a58f6ff

  • SHA256: 3671efa82568659680e2842ee611c5e21b9d02285c971c04000fb108494f734a

  • SHA512: 45a502567b717850ac4f2c6c692b243cda761d1cadc9e3e5ca9184f1a0274dda295d7b9e026185a8764a38816e74b01ee54d5a3b6f6d6d5a854119805d50f8d1

  • SSDEEP: 6144:H/9F7ZmKBcgqh3SBuaXEcTPBDAnZC1xzAG57I2HFgA9aBK+doeOpu2OfO1:HrdmKO0LfBIZA5/H6A9MLdoeG/V

Score: 10/10

Malware Config

Extracted

Family: xloader

Version: 2.3

Campaign: q3t0

Decoy domains

xn--n8jh0ox33v9th.club

realestateactiongroup.com

theblackcottage.com

iptvfresh.com

firstseviceresidential.com

enhancemarketingsolutions.com

matchawali.com

lockedselfstorage.com

laurencervera.com

waffleicionados.com

ryanplumbingandmechanical.com

mahalabartlemathiassen.com

enter-flowers.com

berlinclick.com

pop.direct

dangeranimalsfounded.press

sweetwhiskerscreamery.com

acaciamultimedia.com

thejoyfulmark.com

bspceducation.com

Targets

    Score: 10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks