a7acd97fcff334160640901d977010aa55397f5a6da375ab38bcb1622b800f7d

General

Target: a7acd97fcff334160640901d977010aa55397f5a6da375ab38bcb1622b800f7d
Size: 252KB
Sample: 210924-qd9gjshah7
Score: 10/10
MD5: 0b042901cc8cebe4ad918f889d8928e0
SHA1: 7f03f52d593e4fea5e13525d7e213cc950f3d84a
SHA256: a7acd97fcff334160640901d977010aa55397f5a6da375ab38bcb1622b800f7d
SHA512: 87cc3b720ba5b0901963fdeee60254992931a4ea3cd36b2dcd1aeb886563e9e7c39619b5c17716557b2b6a652052c717d9314b724b5dc0b48f3e36ade0aa52f9

Malware Config (extracted)

Family: xloader
Version: 2.5
Campaign: noha
C2: http://www.mglracing.com/noha/

Decoy domains (the sample's decoy list; traffic to these is used to mask the real C2):
  • iphone13promax.support
  • trailer-racks.xyz
  • overseaspoolservice.com
  • r2d2u.com
  • dawajeju.com
  • nextgenproxyvote.com
  • xn--vhqp8mm8dbtz.group
  • commonsenserisk.com
  • cmcqgxtyd.com
  • data2form.com
  • bois-applique.com
  • originallollipop.com
  • lj0008lj.net
  • spfldvaccineday.info
  • phalcosnusa.com
  • llcmastermachine.com
  • onlyforu14.rest
  • bestmarketingautomations.com
  • officialswitchmusic.com
  • thepretenseofjustice.com
  • authenticradio.net
  • standardizedsubmissions.com
  • aegnoshipping.com
  • 478762.com
  • inclusionchecks.com
  • number-is-04.net
  • yyds9527.space
  • big-thought.com
  • controle2.email
  • groupninemed.com
  • fisworkdeck.com
  • imonbayazid.com
  • pixlrz.com
  • headlinebysmp.com
  • simulatefuck.com
  • efficientmother.com
  • wkshops22012.xyz
  • artehamburguer.com
  • beauallenpoetry.com
  • bonairemarathon.com
  • sprintfingers.com
  • ranbix.com
  • denghaoxin.club
  • jillianvansice.com
  • purpledge.com
  • mariadimitropoulou.com
  • surveyplanetgroup.tech
  • apocalyptoapertureserrature.net
  • cbd-cannabis.store
  • dirtcheapfire.com

Targets

Target: a7acd97fcff334160640901d977010aa55397f5a6da375ab38bcb1622b800f7d
Filesize: 252KB
Score: 10/10
MD5: 0b042901cc8cebe4ad918f889d8928e0
SHA1: 7f03f52d593e4fea5e13525d7e213cc950f3d84a
SHA256: a7acd97fcff334160640901d977010aa55397f5a6da375ab38bcb1622b800f7d
SHA512: 87cc3b720ba5b0901963fdeee60254992931a4ea3cd36b2dcd1aeb886563e9e7c39619b5c17716557b2b6a652052c717d9314b724b5dc0b48f3e36ade0aa52f9

Tags: none listed

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.
  • Xloader Payload
  • Loads dropped DLL
  • Suspicious use of SetThreadContext

Related Tasks: none listed

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No techniques are listed under any tactic in this report.

Tasks

  • static1: 1/10
  • behavioral1: 10/10