General

  • Target

    71a405f80b94353b19123d0fa7369e1d

  • Size

    690KB

  • Sample

    240124-jdfe5sdaa8

  • MD5

    71a405f80b94353b19123d0fa7369e1d

  • SHA1

    e27029c3ff09a6cb746dc851cd8fd9ab90e0a7ee

  • SHA256

    8e3f34bcbcdf3fbdfda09eeb573867c7a92c97f1995db678a8d67945ea3ebe5f

  • SHA512

    307912d2d8cea9f1782e71f8ab285dc6702e36981e3732426e6cfe7045636e9c2a94eff428a9dacc5090adba709fcd6acb86e63e3e3fa185630d3f161dede1f2

  • SSDEEP

    12288:h9P1kbHhlR1+ZkOJKbn31BeL7FdAWyLzRHG+vhbc:ybHhlR1531ILTA3zRHG+Zbc

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wufn

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
