General

  • Target

    d98f49c17101f5715e07e876585f6e6c

  • Size

    1.0MB

  • Sample

    240320-xlck4sha3v

  • MD5

    d98f49c17101f5715e07e876585f6e6c

  • SHA1

    af67b2295f7cf496dd93be883bbd39b3e33a8360

  • SHA256

    898e39ebe6bdfed0d216a54673ae93fe5349b1addd89e2891b969ff3745536f3

  • SHA512

    84f45c4289fe27516ba6fbe00f66880625ff87ecdf641e57952181ea455beddaed98acae5710f0f9f47bd717fe66ae15d8b14ca230c029c90abc4a0d2d17850f

  • SSDEEP

    12288:ZGAxqujfAPRyY983gp3KJsUAywxcB9BLbF6UKqhRXLWZrf97tXk0V+A:VqujfAPR3sA6J0yCC9hbXKabWZrTk

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bp39

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
