686dc98567009e47eac88e95804b9dde.exe

General

Target: 686dc98567009e47eac88e95804b9dde.exe

Size: 172KB

Sample: 210722-6jp7myk7kx

Score: 10/10

MD5: 686dc98567009e47eac88e95804b9dde

SHA1: 5788c30289d12f69d5cf323049d8d3c3a3e73cda

SHA256: 11d84c7f9c579c2e58f4acc04d488d5f1c6cc0439609099eabec42444f5ef952

SHA512: 1450afd067710a6c2385858a2d4c7a0afeb02516885ec2515de696fc89c18f985097089af39708ba0e8088547f6fcc0a6285136a5175c169be764d9ec40924ce

Malware Config

Extracted

Family: xloader

Version: 2.3

C2: http://www.extinctionbrews.com/dy8g/

Decoy

Targets

Signatures

  • Xloader

    Description: Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Suspicious use of SetThreadContext

Tasks

static1

behavioral1: 10/10

behavioral2: 10/10