General

  • Target

    8ac51d777f1c94d5d7647d7e5d4ebbc2a809500a607ce866af405f0b834793e2

  • Size

    350KB

  • Sample

    240902-fjse4stanh

  • MD5

    80ee1c96ab367d3810a3fe6bfe92d2cc

  • SHA1

    65b1021a8d9857e1354cd7775b13ee0584b28e87

  • SHA256

    8ac51d777f1c94d5d7647d7e5d4ebbc2a809500a607ce866af405f0b834793e2

  • SHA512

    0827bc64c2f47a4fcb3cd178727f889bc99f7d9a1f460ccdd065d8bce7553dc72d3e2e02f57116c2d4c5f3bfa4163f05bec0fbcd8a654a885a53744910070283

  • SSDEEP

    6144:E3CDRM9sIkrdnvmgUmCey7lp1NriR3DgXMTHj5LzLA/coRkxcvRLr:sf9HmdvmKCeop1xM38XMTHj5LeRkuvFr

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wpsb

Decoy

0817ls.com

drawbeirut.com

respiteready.com

yufkayurek.com

poss-plus.com

distributesimilar.com

mcmendzlawns.com

bingent.info

wellnessandcomfort.com

humilityhope.com

recetasfes.com

olala.asia

epochryphal.com

room-lettings-onlines.club

lvc.xyz

reicolee.com

davidmarkphotovideo.photography

corpuschristicarbuyers.com

tutorialyoutube.com

ativ.pro

Targets

    • Target

      8ac51d777f1c94d5d7647d7e5d4ebbc2a809500a607ce866af405f0b834793e2

    • Size

      350KB

    • MD5

      80ee1c96ab367d3810a3fe6bfe92d2cc

    • SHA1

      65b1021a8d9857e1354cd7775b13ee0584b28e87

    • SHA256

      8ac51d777f1c94d5d7647d7e5d4ebbc2a809500a607ce866af405f0b834793e2

    • SHA512

      0827bc64c2f47a4fcb3cd178727f889bc99f7d9a1f460ccdd065d8bce7553dc72d3e2e02f57116c2d4c5f3bfa4163f05bec0fbcd8a654a885a53744910070283

    • SSDEEP

      6144:E3CDRM9sIkrdnvmgUmCey7lp1NriR3DgXMTHj5LzLA/coRkxcvRLr:sf9HmdvmKCeop1xM38XMTHj5LeRkuvFr

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks