PO7321.exe

General

Target: PO7321.exe
Size: 562KB
Sample: 210408-vnw8vxcw9j
Score: 10/10
MD5: 774eca4068dce6d3db505c49af0a516e
SHA1: 7708d1ed2bb3166bf74d0e92ac95bb8e379e1cf4
SHA256: 3a96891372a8578aab18d70a377d68a795ab2f92c4c97c5f0986d7f1006490d1
SHA512: b9534efd5b6d87f87cc5a83f3e8a8875600f059bcfef60daa5526908cb0414d291682953cae75fab6c48805cfa9f5711f2b6dac04b299741a78a71f82b3954e0

Malware Config

Extracted

Family: xloader
Version: 2.3
C2: http://www.013y.com/pnqr/

Decoy domains (50):

bullexch9.com
hiiidesigns.com
yosapark-gakuenmae.com
movementinspires.com
orlandas.com
flowga.world
opende.info
jiconic.com
selviclothingco.com
herbalmedicineresearch.com
contex33.xyz
riord.com
alchemistslibrary.com
ecalyte.com
tutu119.com
61ue00.com
properwayllc.com
tamitoe.com
adacompliantsoftware.com
deliabe.com
edrcounselling.group
indigoconsultinguganda.com
stjom.church
vegansonfire.com
bostonimaginggroup.com
greenchilicountryjamboree.com
culvercoop.com
northlakerental.com
lpp888.xyz
hostinganl.com
spin889988.club
thedoctornearme.com
luolan99.com
gamers-casino.space
dailyovertips.com
torer.net
fuhrerscheindienst.com
diysergeant.com
neuralnuture.net
hysplashes.xyz
tretkurbel.site
ccelaya.com
electricalpanelmonterey.com
hullabaloocookies.com
sunnyshousebrooklyn.com
mini-jeep-willys.online
angelaharriotthomes.com
vpathletics.online
moeginokai.com
jesusistderweg.info

Targets

Target: PO7321.exe
MD5: 774eca4068dce6d3db505c49af0a516e
Filesize: 562KB
Score: 10/10
(SHA1, SHA256 and SHA512 are identical to the values listed under General.)

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.
  • Xloader Payload
  • Deletes itself
  • Loads dropped DLL
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No technique entries appear under these columns in this report.

Tasks

static1: 1/10
behavioral1: 10/10
behavioral2: 10/10