General

  • Target

    6a648e78826c4e2e6a4c1f984c91cbedadf14344383306d023f4730d481bce05.exe

  • Size

    743KB

  • Sample

    240726-d7jrrsthpl

  • MD5

    10b55b038f70d21f31cd55f787d44ae0

  • SHA1

    8ffb7bd8228f943c54e5137f1894dc6c8b4a54d3

  • SHA256

    6a648e78826c4e2e6a4c1f984c91cbedadf14344383306d023f4730d481bce05

  • SHA512

    86855a81e92af79055d141f52b73305734763cda1ca4602709e88e819c0e6b6b432bd60b24bde53d07081e2ad20a24dce62e502417be1f6bb665b55f62dea963

  • SSDEEP

    12288:zlqyqREeIzk+ZkO+SaTu8psEd7zp5I56IW3B2kb+tqYtkmJ1M:zNeIzJZkO5qsoPva6hEOsqOk0

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hfhf

Decoy

ddhh9500.com

lesterkwilson.store

southasianrepublicans.com

azumo.xyz

emptycc.net

lelasthriftboutique.com

redis76.com

marinebelaroi.com

hallibrewerproductions.com

elevareassessoria.com

haozhugou.com

anti-ragebot.com

bardo.xyz

dryerventmastersllc.com

qmhdxu.biz

getgoldentoday.com

crippledom.com

primedispatchers.com

052et.xyz

h2adubai.com

Targets

    • Target

      6a648e78826c4e2e6a4c1f984c91cbedadf14344383306d023f4730d481bce05.exe

    • Size

      743KB

    • MD5

      10b55b038f70d21f31cd55f787d44ae0

    • SHA1

      8ffb7bd8228f943c54e5137f1894dc6c8b4a54d3

    • SHA256

      6a648e78826c4e2e6a4c1f984c91cbedadf14344383306d023f4730d481bce05

    • SHA512

      86855a81e92af79055d141f52b73305734763cda1ca4602709e88e819c0e6b6b432bd60b24bde53d07081e2ad20a24dce62e502417be1f6bb665b55f62dea963

    • SSDEEP

      12288:zlqyqREeIzk+ZkO+SaTu8psEd7zp5I56IW3B2kb+tqYtkmJ1M:zNeIzJZkO5qsoPva6hEOsqOk0

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks