General

  • Target

    53b8c0b31af3ba5de658c119e39f73bc

  • Size

    585KB

  • Sample

    240111-rgel1shcfq

  • MD5

    53b8c0b31af3ba5de658c119e39f73bc

  • SHA1

    946d13ae1bcc275b3b1e3542b08f04803a93b50a

  • SHA256

    4311e97e616734f94d1aa4d38f37679749ae84513d132aee134fbc364d25b6ec

  • SHA512

    a2963aeca88f486c519fec957878616182c62ff7fb5f2fda36816678594a4b54192abe56088666328142ddef7479621222de66c5e74a52f69f9756463e417436

  • SSDEEP

    12288:WXe9PPlowWX0t6mOQwg1Qd15CcYk0We10dOi0I9xkhHnSumVWvc/dNNcEUKc:rhloDX0XOf4pI9mhHisENWj

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    noi6

  • Decoy

    yow.today
    rkdreamcreations.com
    etheriumtech.com
    stretchwrench.com
    kiddiecruise.com
    stickforward.com
    videocineproduccion.com
    roofinginamerica.com
    amarillasnuevomexico.com
    armfieldmillerripley.com
    macyburn.club
    lvbaoshan.com
    shopshelponline.com
    thebunnybrands.com
    newsxplor.com
    momunani.com
    rebelnqueen.com
    tusguitarras.com
    nexab2b.com
    e3office.express

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Matrix ATT&CK v13

Tasks