General

  • Target: 989ff52398498807cd579c9292d2ca47
  • Size: 1.0MB
  • Sample: 240213-gfzwfsge7y
  • MD5: 989ff52398498807cd579c9292d2ca47
  • SHA1: 26b1d6def0486063ecf91c95c1cd6966711d7655
  • SHA256: 9445483350a3ed0479eed69073869e73b7837327bade374605b841a560a6ee70
  • SHA512: 09a770c8cee12bd538a67d64d6f07299d8024858bd3c0e5149fd6063924f795892d10399722d68ba8b2276ca6465dea66014e4801e4abb1978ec5f8d0897a621
  • SSDEEP: 24576:EqaPJbYNjPvZjQ5/doK64Jtfhk0zKXkA:EHPJbY1RK64JpGkA

Score
10/10

Malware Config

Extracted

Family: xloader

Version: 2.3

Campaign: wufn

Decoy:

  • rsautoluxe.com
  • theroseofsharonsalon.com
  • singnema.com
  • nathanielwhite108.com
  • theforumonline.com
  • iqpt.info
  • joneshondaservice.com
  • fafene.com
  • solanohomebuyerclass.com
  • zwq.xyz
  • searchlakeconroehomes.com
  • briative.com
  • frystmor.city
  • systemofyouth.com
  • sctsmney.com
  • tv-safetrading.com
  • thesweetboy.com
  • occulusblu.com
  • pawsthemomentpetphotography.com
  • travelstipsguide.com

Targets

    • Target: 989ff52398498807cd579c9292d2ca47
    • Size: 1.0MB
    • MD5: 989ff52398498807cd579c9292d2ca47
    • SHA1: 26b1d6def0486063ecf91c95c1cd6966711d7655
    • SHA256: 9445483350a3ed0479eed69073869e73b7837327bade374605b841a560a6ee70
    • SHA512: 09a770c8cee12bd538a67d64d6f07299d8024858bd3c0e5149fd6063924f795892d10399722d68ba8b2276ca6465dea66014e4801e4abb1978ec5f8d0897a621
    • SSDEEP: 24576:EqaPJbYNjPvZjQ5/doK64Jtfhk0zKXkA:EHPJbY1RK64JpGkA

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks