dot.dot

Target

dot.dot

Size

12KB

Sample

210408-j4xdkgfkxa

Score

10 ^/10

MD5

40f03856876fda8b3bda880d1d5a4636

SHA1

d252c054154c5524dfbf3f3238b32f711290fd36

SHA256

a4358b898c41852211ee727e4b8c0d05301bf4c6a90a4780c5a6f8b1b1cf5c81

SHA512

559a93f09a07a3aa13ffce038ef2d47a1b73ef6301fd2799a9b3cae99b3e7b652e65951a318cbe7bc31ae25ffeb05c644b08f306553ec9c70b4e60794e1e6687

Extracted

Family	xloader
Version	2.3
C2	http://www.scott-re.online/nnmd/ http://www.scott-re.online/nnmd/
Decoy	bongwater.life regalparkllc.com gyanankuram.com quehaydecenarhoy.com israeldigitalblog.net gatewaygaurdians.com krphp.com domentemenegi47.com fjsibao.com yetbor.com goldenvalueable.com finalexam-thegame.com buyeverythingforbaby.com phillydroneservices.com xn--kck4cd0r.net suns-brothers.com xn--80aaxkmix.xn--p1acf pjsgsc.com 7985699.com blackmantech.fitness acernoxsas.com verochfotografa.com az-pcp.com clonegrandma.com elpis-catering.com gujaratmba.com samanthataylordesigns.com sinisviaggi.com likehowto.com ueoxx.com americanscreentest.com taniakarina.com nevomo.group syduit.com elticrecruit.com xn--v1bmo9dufsb.com valid8.network vt999app.net privateselights.com xpddwrfj.icu mex33.info ekolucky.com v6b9.com winnijermaynezigmund.site papofabri.com ranguanglian.club vinegret.com sorelaxedmassage.com vr-club.site raison-sociale.com partapprintercare.com dream-e-mail.com cwcellar.com vegrebel.com my-weight-loss-blog.net hcr.services topmejoresproductos.com foodates.com l2zmamzoin.xyz nevertraveled.com ikoyisland.net lawsoftwareteam.com ufa2345.com thechilldrengang.com bongwater.life regalparkllc.com gyanankuram.com quehaydecenarhoy.com israeldigitalblog.net gatewaygaurdians.com krphp.com domentemenegi47.com fjsibao.com yetbor.com goldenvalueable.com finalexam-thegame.com buyeverythingforbaby.com phillydroneservices.com xn--kck4cd0r.net suns-brothers.com xn--80aaxkmix.xn--p1acf pjsgsc.com 7985699.com blackmantech.fitness acernoxsas.com verochfotografa.com az-pcp.com clonegrandma.com elpis-catering.com gujaratmba.com samanthataylordesigns.com sinisviaggi.com likehowto.com ueoxx.com americanscreentest.com taniakarina.com nevomo.group syduit.com elticrecruit.com xn--v1bmo9dufsb.com valid8.network vt999app.net privateselights.com xpddwrfj.icu mex33.info ekolucky.com v6b9.com winnijermaynezigmund.site papofabri.com ranguanglian.club vinegret.com sorelaxedmassage.com vr-club.site raison-sociale.com partapprintercare.com dream-e-mail.com cwcellar.com vegrebel.com my-weight-loss-blog.net hcr.services topmejoresproductos.com foodates.com l2zmamzoin.xyz nevertraveled.com ikoyisland.net lawsoftwareteam.com ufa2345.com thechilldrengang.com

Target

dot.dot

MD5

40f03856876fda8b3bda880d1d5a4636

Filesize

12KB

Score

10 ^/10

SHA1

d252c054154c5524dfbf3f3238b32f711290fd36

SHA256

a4358b898c41852211ee727e4b8c0d05301bf4c6a90a4780c5a6f8b1b1cf5c81

SHA512

559a93f09a07a3aa13ffce038ef2d47a1b73ef6301fd2799a9b3cae99b3e7b652e65951a318cbe7bc31ae25ffeb05c644b08f306553ec9c70b4e60794e1e6687

Signatures

Xloader

Description

Xloader is a rebranded version of Formbook malware.

Tags

loader xloader
Xloader Payload

Tags

rat
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution

TTPs

Scripting
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exploitation for Client Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

xloader loader rat

10^/10

behavioral2

1^/10

Extracted

Tags

Signatures

Xloader

Description

Tags

Xloader Payload

Tags

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Uses the VBS compiler for execution

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2