Overview

overview

10

Static

static

1

c0eb90010d...cb.exe

windows7_x64

10

c0eb90010d...cb.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c0eb90010d882e33340c40bde08474cb.exe

  • Size

    257KB

  • Sample

    211012-ahv7qaafe5

  • MD5

    c0eb90010d882e33340c40bde08474cb

  • SHA1

    f76f7e4eff72ed9d5669cef62ecda5b65d051c84

  • SHA256

    014fdffc1561ee767b1189c5b496f587d16ba7d394ca9d26d2e7d6f8541ebc92

  • SHA512

    19cc012358ad74980a8f1e18bcad3718a5fb36559d5bbfe220c534c271cd8f2701cce06416438796b9dbcb97769d4b3467e0e23a13c49bc60e597e0a6ad49e13

Score
10/10
xloadermxnuloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mxnu

C2

http://www.naplesconciergerealty.com/mxnu/

Decoy

insightmyhome.com

gabriellamaxey.com

029atk.xyz

marshconstructions.com

technichoffghosts.com

blue-ivy-boutique-au.com

1sunsetgroup.com

elfkuhnispb.store

caoliudh.club

verifiedpaypal.net

jellyice-tr.com

gatescres.com

bloomberq.online

crystaltopagent.net

uggs-line.com

ecommerceplatform.xyz

historyofcambridge.com

sattaking-gaziabad.xyz

digisor.com

beachpawsmobilegrooming.com

Targets

    • Target

      c0eb90010d882e33340c40bde08474cb.exe

    • Size

      257KB

    • MD5

      c0eb90010d882e33340c40bde08474cb

    • SHA1

      f76f7e4eff72ed9d5669cef62ecda5b65d051c84

    • SHA256

      014fdffc1561ee767b1189c5b496f587d16ba7d394ca9d26d2e7d6f8541ebc92

    • SHA512

      19cc012358ad74980a8f1e18bcad3718a5fb36559d5bbfe220c534c271cd8f2701cce06416438796b9dbcb97769d4b3467e0e23a13c49bc60e597e0a6ad49e13

    Score
    10/10
    xloadermxnuloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks