General

  • Target

    92f15ca5167c47451b44f08c4eb0d5a4

  • Size

    1.3MB

  • Sample

    240205-zelljsgaf8

  • MD5

    92f15ca5167c47451b44f08c4eb0d5a4

  • SHA1

    aaa650fdf71978a3143a5a8c85a57a5518c6c8e1

  • SHA256

    4c1b38391ab198fb0e2c7050a8951e65efbc818991fb710f6deeb2c76a54c734

  • SHA512

    6dbc42456fe5a43f0e6c27716bef93365e4642301014589e60276b756f1877faf7e056aa3bcd3e36d27b8bbcabcac68bda89e491d765fec5379e24c0214bf19d

  • SSDEEP

    24576:MoSd76DOXfx8Dgyfx8DgFwUUNmvNTiP4t5MwDZF2L:+d76e58Dgy58DgFw2fTZQ

  • Score

    10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    ipa8

  • Decoy

    royalposhpups.com
    univa.world
    lanerbo.com
    shopbabygo.com
    theutahhomestore.com
    serialmixer.icu
    linfeiya.com
    xn--12cg3de5c2eb5cyi.com
    am-conseil-communication.com
    dailygame168.com
    therightmilitia.com
    visions-agency.com
    mapopi.com
    frugallyketo.com
    guapandglo.com
    54w-x126v.net
    your-health-kick.com
    blockchainhub360.com
    registernowhd.xyz
    votekellykitashima.com

Targets

    • Target

      92f15ca5167c47451b44f08c4eb0d5a4

    • Size

      1.3MB

    • MD5

      92f15ca5167c47451b44f08c4eb0d5a4

    • SHA1

      aaa650fdf71978a3143a5a8c85a57a5518c6c8e1

    • SHA256

      4c1b38391ab198fb0e2c7050a8951e65efbc818991fb710f6deeb2c76a54c734

    • SHA512

      6dbc42456fe5a43f0e6c27716bef93365e4642301014589e60276b756f1877faf7e056aa3bcd3e36d27b8bbcabcac68bda89e491d765fec5379e24c0214bf19d

    • SSDEEP

      24576:MoSd76DOXfx8Dgyfx8DgFwUUNmvNTiP4t5MwDZF2L:+d76e58Dgy58DgFw2fTZQ

    • Score

      10/10

    Signatures

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks