3ee47ef2fed1383543fed2509ee9d533.exe

General
Target: 3ee47ef2fed1383543fed2509ee9d533.exe
Size: 201KB
Sample: 210408-jap9jwy5ae
Score: 10/10
MD5: 3ee47ef2fed1383543fed2509ee9d533
SHA1: 25bb17677a44eef76caab249e90188e2b6263b98
SHA256: 6a708470ee13d86b51352b69e755a9bcbd2730ecef34133dd1b5ed10b95f56a3
SHA512: e42958a2b5d334fff9cbbb03259df1583be3bcb43807e786d6f896f1c78af22dfc8110687c4e6e5bca7a2a6a9a586af537568780b801258e9718d080c8507106

Malware Config (Extracted)
Family: xloader
Version: 2.3
C2: http://www.856380692.xyz/nsag/
Decoy


Targets
Target: 3ee47ef2fed1383543fed2509ee9d533.exe

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.
  • Xloader Payload
  • Loads dropped DLL
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1: 1/10
behavioral1: 10/10
behavioral2: 10/10