General
-
Target
68d833bbc98fa8c14cab1c22f458f0ec7a971b908365767514a8e2c1e3504f2f
-
Size
555KB
-
Sample
241121-yyh44awpcy
-
MD5
8914ac9579a77c019d18ad52bc8bc689
-
SHA1
49a2d12ea6aa96ff7806b57351ebc4239d0505bf
-
SHA256
68d833bbc98fa8c14cab1c22f458f0ec7a971b908365767514a8e2c1e3504f2f
-
SHA512
3de5ce15daf51da831397dd903cb021375e038389ed15ecbef648bdbf4c2e4133ac71acb81901dc8059634745b6ac5764f9b17f80882abe8bc6d4de052b34223
-
SSDEEP
12288:hoD6vV4LdDS2EZPQYMdmBPZI88VEwjh1eYM0V8YxpR6IlqDhQiSSnfxKj:apEZTBPZ+pjn/78qpLlchQrSnpKj
Malware Config
Extracted
xloader
2.5
ef6c
gicaredocs.com
govusergroup.com
conversationspit.com
brondairy.com
rjtherealest.com
xn--9m1bq8wgkag3rjvb.com
mylori.net
softandcute.store
ahljsm.com
shacksolid.com
weekendmusecollection.com
gaminghallarna.net
pgonline111.online
44mpt.xyz
ambrandt.com
eddytattoo.com
blendeqes.com
upinmyfeels.com
lacucinadesign.com
docomoau.xyz
Targets
-
-
Target
538b16e9cf0d0c6e8ab57ccbf7cc8457164615fb47cdf2e17278a635a9de36c7
-
Size
715KB
-
MD5
f444b6e1dfea126b54556aa8b3321f9a
-
SHA1
7c318d0d03dc5ad399b5fe764c1cbb132faf6c1b
-
SHA256
538b16e9cf0d0c6e8ab57ccbf7cc8457164615fb47cdf2e17278a635a9de36c7
-
SHA512
08ef03f4fd192cbfb0d322c3ba4f71940322f7fea7c477e67d53387cb6d321561d76462c8b6812f3627524d05bdaf89a14afd51b2fd5d02de2f0299cd1507d81
-
SSDEEP
12288:VW6JeVW5deCNMwtDTmilHq1QS8d4aO8H5pP9DbJRxHkEFkj4MgRlE3wU9t:V9J1deatDTmitq1QHd4jExJRdk/2WAE
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader family
-
Xloader payload
-
Suspicious use of SetThreadContext
-