General

  • Target

    ca19432da459c894d6886030b078a5a132fa244aaaff0433f95bf888b586530d

  • Size

    325KB

  • Sample

    241121-zh2ryaxmgs

  • MD5

    664610b26d7994dc40f6d81955a7ecc7

  • SHA1

    ad208933d31f9513e7230011000f25f4f596c455

  • SHA256

    ca19432da459c894d6886030b078a5a132fa244aaaff0433f95bf888b586530d

  • SHA512

    71597b0716c52cda65d9bfc5efbd5c552dcdf939f2aa65c675b9d490d215860dd3c4b9f13b2a52140f63b1a3ee06b7801136603ee17e08d77f3b1c2c6fe31058

  • SSDEEP

    6144:dIpaDOa+BHJFdktMxSdv8p6cfQ2Uj9REwBvhYKHp6jsD:+pad+BHiczxYH37ZY8uK

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    nqs9

  • Decoy

    lgingood.com
    shopgeti.com
    christianuomo.com
    sportsxuk.com
    markidesignstore.com
    tjhuoliao.com
    docomobb.xyz
    ilrespirodelmare.com
    kfconline.rest
    paramusrepair.com
    w3zand.com
    unguamtruppe.quest
    bethesdagardensloveland.net
    bostonstretchlimousine.com
    yycsmj.net
    creatorgela.com
    bestalcoholfreebeer.com
    jorgeforfr.com
    dlzxd.com
    rajaranicoupon.xyz

Targets

    • Target

      3824f68042b243ff952a0184baaca8ede5c254821a8ec8e8be9fa86224ddbc55

    • Size

      337KB

    • MD5

      1e9e125ed34109f2c640b25538185cac

    • SHA1

      89faa5b5789eb1633ca74ee15d34c16c0b0cf174

    • SHA256

      3824f68042b243ff952a0184baaca8ede5c254821a8ec8e8be9fa86224ddbc55

    • SHA512

      b5a98b361d7006b12570b15ef28d5fdc41f274db6e95e9eea7ec6f08736676b630ad2bb0347aecb7bca9433a5f31eafa6f3bd72dd504ec4ec61dc01e06d0c1ee

    • SSDEEP

      6144:rGiPGY4OddUWhpyRJ5Q/cd78kxpAX1F1NIyEA29o7EJYUlhZIzPW:yY4Opyb5Q/cV8kxGX1FMaFEJVpcW

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      kczbgk.exe

    • Size

      177KB

    • MD5

      0bf3e785b6a7a0c1ae07417cbf290121

    • SHA1

      5cf19f555dc7ed6eefa74285e95ca7b396855793

    • SHA256

      bd0b5a7be527aa878536fa7f40dcff283a51a7138109efaf2a44440b235a0ab5

    • SHA512

      d83ab29b90b2f07d8125d5452a113ab43dffd88a423003e0a53d5937549ef7d04b4e994a8b2520637651d46080c98c8a3bea2916c1dccb42f6f97cf966ce81cb

    • SSDEEP

      3072:AtM7C70nMyTBIMzeY4og8T/BOvRNPDE+FvnqMsYFhFiScRC:AnSMaBpeY4x8T5KDDE+FSMsaZp

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks