dot.dot

General

Target: dot.dot
Size: 12KB
Sample: 210408-j4xdkgfkxa
Score: 10/10
MD5: 40f03856876fda8b3bda880d1d5a4636
SHA1: d252c054154c5524dfbf3f3238b32f711290fd36
SHA256: a4358b898c41852211ee727e4b8c0d05301bf4c6a90a4780c5a6f8b1b1cf5c81
SHA512: 559a93f09a07a3aa13ffce038ef2d47a1b73ef6301fd2799a9b3cae99b3e7b652e65951a318cbe7bc31ae25ffeb05c644b08f306553ec9c70b4e60794e1e6687

Malware Config

Extracted

Family: xloader
Version: 2.3
C2: http://www.scott-re.online/nnmd/

Decoy domains:
bongwater.life
regalparkllc.com
gyanankuram.com
quehaydecenarhoy.com
israeldigitalblog.net
gatewaygaurdians.com
krphp.com
domentemenegi47.com
fjsibao.com
yetbor.com
goldenvalueable.com
finalexam-thegame.com
buyeverythingforbaby.com
phillydroneservices.com
xn--kck4cd0r.net
suns-brothers.com
xn--80aaxkmix.xn--p1acf
pjsgsc.com
7985699.com
blackmantech.fitness
acernoxsas.com
verochfotografa.com
az-pcp.com
clonegrandma.com
elpis-catering.com
gujaratmba.com
samanthataylordesigns.com
sinisviaggi.com
likehowto.com
ueoxx.com
americanscreentest.com
taniakarina.com
nevomo.group
syduit.com
elticrecruit.com
xn--v1bmo9dufsb.com
valid8.network
vt999app.net
privateselights.com
xpddwrfj.icu
mex33.info
ekolucky.com
v6b9.com
winnijermaynezigmund.site
papofabri.com
ranguanglian.club
vinegret.com
sorelaxedmassage.com
vr-club.site
raison-sociale.com

Targets

Target: dot.dot
Filesize: 12KB
Score: 10/10
MD5: 40f03856876fda8b3bda880d1d5a4636
SHA1: d252c054154c5524dfbf3f3238b32f711290fd36
SHA256: a4358b898c41852211ee727e4b8c0d05301bf4c6a90a4780c5a6f8b1b1cf5c81
SHA512: 559a93f09a07a3aa13ffce038ef2d47a1b73ef6301fd2799a9b3cae99b3e7b652e65951a318cbe7bc31ae25ffeb05c644b08f306553ec9c70b4e60794e1e6687

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.
  • Xloader Payload
  • Blocklisted process makes network request
  • Executes dropped EXE
  • Loads dropped DLL
  • Uses the VBS compiler for execution
    TTPs: Scripting
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Columns: Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 1/10