5a1261b8c98d7ec6edfe8e470f857336557c6ed317822117dece6012306f170d

General
Target

5a1261b8c98d7ec6edfe8e470f857336557c6ed317822117dece6012306f170d

Size

569KB

Sample

211014-f6nqfagcd5

Score
10 /10
MD5

d369781ed2d0848e769bd4e466318920

SHA1

4808ca1792f13e061bf29b055ae83a5edaf18e3b

SHA256

5a1261b8c98d7ec6edfe8e470f857336557c6ed317822117dece6012306f170d

SHA512

5a83149de7eba4f736719892025eda984cfe40069e9b8916a4f44338d8c34d9e9346a24f05e2f8c0b67d2d4183ba0f4ea17dd322c1095844412bce329c233688

Malware Config

Extracted

Family xloader
Version 2.5
Campaign ef6c
C2

http://www.fis.photos/ef6c/

Decoy

Targets
Signatures

  • Xloader

    Description

    Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

10/10