General
-
Target
ba3c72780f80542fe09aeed80a9a56c6
-
Size
489KB
-
Sample
240308-ce2w7sdc7t
-
MD5
ba3c72780f80542fe09aeed80a9a56c6
-
SHA1
22bc724884cf52efe4c596bcd8ffdd155c783238
-
SHA256
c840ee368fcab5974485c16fc456b1dc1923cc5e113ce6a96f6f314a7ec5ac94
-
SHA512
a66602343d24dff4330551b900644ece8fe62059a88327ddac99fb0bc625a7eb3cfa6f3697beed4a0ec9f2f1f227f42dd4e36c43470cf4c71d38b6ad07ee15fd
-
SSDEEP
6144:nnBvlIlWuTpGUMgc8cNPD/t1owJ/ag1iTOEdo29hwgy537GjqsfThJS8MHoAeTRk:nOWNUMFNbt7ag1jAhwgySLhDMHoF1k
Malware Config
Extracted
xloader
2.3
t75f
onegolfsydney.com
kaizensportscoaching.com
mliacbjv.icu
rinstech.net
midas-parts.com
istmenian.com
ibrahimpike.com
herbspaces.com
gentleman4higher.com
workabusiness.com
isabusive.website
222555dy.com
lwhyzhzb.xyz
gabrielabravoillanes.com
hearthomelife.com
buildswealth.com
printitaz.com
l-mventures.com
baincot3.com
nstaq-labs.com
Targets
-
-
Target
ba3c72780f80542fe09aeed80a9a56c6
-
Size
489KB
-
MD5
ba3c72780f80542fe09aeed80a9a56c6
-
SHA1
22bc724884cf52efe4c596bcd8ffdd155c783238
-
SHA256
c840ee368fcab5974485c16fc456b1dc1923cc5e113ce6a96f6f314a7ec5ac94
-
SHA512
a66602343d24dff4330551b900644ece8fe62059a88327ddac99fb0bc625a7eb3cfa6f3697beed4a0ec9f2f1f227f42dd4e36c43470cf4c71d38b6ad07ee15fd
-
SSDEEP
6144:nnBvlIlWuTpGUMgc8cNPD/t1owJ/ag1iTOEdo29hwgy537GjqsfThJS8MHoAeTRk:nOWNUMFNbt7ag1jAhwgySLhDMHoF1k
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader payload
-
Suspicious use of SetThreadContext
-