36e60a2ecd13869a78ad7bc9312681d0

General

Target: 36e60a2ecd13869a78ad7bc9312681d0
Size: 255KB
Sample: 211021-pkk7vsacd8
Score: 10/10
MD5: 36e60a2ecd13869a78ad7bc9312681d0
SHA1: 8ef2422980fe2641a0d101fa1649fc24c43c2e97
SHA256: b6d84072166800bd1d35ca9265107d6f26496c7375411ca818046c5a28dee9d9
SHA512: bcdfe6f2b4db1dedac564e4e50de65ef1387e9613a063bc118b9da3f66c08587aebd90923a6706ca22ddd334e7796d7c214b3636ce49c5acf0b533fd2d834a36

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: mxnu
C2: http://www.naplesconciergerealty.com/mxnu/

Decoy


Targets

Target: 36e60a2ecd13869a78ad7bc9312681d0 (Filesize 255KB, Score 10/10; MD5, SHA1, SHA256 and SHA512 identical to the General section above)

Tags

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactic columns (no techniques mapped on this page): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: 1/10
behavioral1: 10/10
behavioral2: 10/10