General
-
Target
266a42301d52352d24b59aa618d582afac1c2f27a5ab66e6e26a42314b5f4f74.exe
-
Size
417KB
-
Sample
241122-w7wens1rdr
-
MD5
561b2242c36b5599a5c4e25a3322534e
-
SHA1
fb5a634c77d7f6346ea7d0c3860c3f5a0781618e
-
SHA256
266a42301d52352d24b59aa618d582afac1c2f27a5ab66e6e26a42314b5f4f74
-
SHA512
fa961bf85f2c4f9018ba5dedbd80c1ba4d9de7fd4e79fb2cdf794deb7eb8384e9d56d5cfdf68c552975d5c3594bb22784bce3b846eb98faf4082b02bdd2ed309
-
SSDEEP
12288:Awhxe47sMXuMCIy04qtaOhv+AlicO/xI/SbVJ50D805VU:Aw3H7drCI4qtaK+Ali9e/SxJ502
Malware Config
Extracted
xloader
2.5
wogm
sub-dude.net
repeatcustom.com
goodspaz.com
sinagropuree.com
jyh8886.com
muescabynes.quest
stark.agency
nolimit168.com
hypermediastore.com
arab-xt-pro.com
gruppovimar.com
santamariamoto.express
affaridistribuciones.com
straetah.com
collectionsbyvivi.com
nalainteriores.com
weeklywars.com
insightmyhome.com
ucml.net
herderguru.com
Targets
-
-
Target
266a42301d52352d24b59aa618d582afac1c2f27a5ab66e6e26a42314b5f4f74.exe
-
Size
417KB
-
MD5
561b2242c36b5599a5c4e25a3322534e
-
SHA1
fb5a634c77d7f6346ea7d0c3860c3f5a0781618e
-
SHA256
266a42301d52352d24b59aa618d582afac1c2f27a5ab66e6e26a42314b5f4f74
-
SHA512
fa961bf85f2c4f9018ba5dedbd80c1ba4d9de7fd4e79fb2cdf794deb7eb8384e9d56d5cfdf68c552975d5c3594bb22784bce3b846eb98faf4082b02bdd2ed309
-
SSDEEP
12288:Awhxe47sMXuMCIy04qtaOhv+AlicO/xI/SbVJ50D805VU:Aw3H7drCI4qtaK+Ali9e/SxJ502
Score10/10-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader family
-
Xloader payload
-
Suspicious use of SetThreadContext
-