General

  • Target

    810f1a27ae76ae75cfc96e35ad3f4aa8

  • Size

    1.1MB

  • Sample

    240129-2q24saeabk

  • MD5

    810f1a27ae76ae75cfc96e35ad3f4aa8

  • SHA1

    e3a02ff3d469684599eae93ce46699ea1d0e4339

  • SHA256

    5e43f6650d84d2f3c5b279c98a207a434a70369598e9b8cdc0617e3d7dec5479

  • SHA512

    2453715878b28c7c9fe1b38e377827b65d05bc4e98f0d44357613e341d3e0854e9bf00093cce8bc8e966aa6985a13f02a1c615da72dcd7f36b8a81947b8e2e40

  • SSDEEP

    12288:XDylMPBK+31hzMYeDQsLhBN9aTom5OuViUT3uiG/wpGM2u3Mxv8aex5kUOZeQU7:XulkIqnEhf9aTXEuVis0PXZU2UmeZ

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    b8eu

  • Decoy


Targets


    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks