Overview

overview

10

Static

static

1

New order 7nbm471.exe

windows7_x64

10

New order 7nbm471.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New order 7nbm471.zip

  • Size

    274KB

  • Sample

    211105-hc784aagd8

  • MD5

    a20ac856a072adbd58811f98ee3bc49f

  • SHA1

    138ceb5c50387ab40339561409397b6f5d59b6b0

  • SHA256

    d8b561c208cf5d6425814ba4b685a6b80816715a804aec36dffe3e0bc29e73fa

  • SHA512

    091f938fc2d068deb3d67b53f1e1159063fc79e17e4b5f956b8720defdb687fe9c795a414d6edfd53a61ce3927e24276d356822bf7a48ca4f8029adf37135fd4

Score
10/10
xloaderu9xnloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u9xn

C2

http://www.crisisinterventionadvocates.com/u9xn/

Decoy

lifeguardingcoursenearme.com

bolsaspapelcdmx.com

parsleypkllqu.xyz

68134.online

shopthatlookboutique.com

canlibahisportal.com

oligopoly.city

srchwithus.online

151motors.com

17yue.info

auntmarysnj.com

hanansalman.com

heyunshangcheng.info

doorslamersplus.com

sfcn-dng.com

highvizpeople.com

seoexpertinbangladesh.com

christinegagnonjewellery.com

artifactorie.biz

mre3.net

Targets

    • Target

      New order 7nbm471.exe

    • Size

      287KB

    • MD5

      799da86c201ef4652c1f8ca1ce49373f

    • SHA1

      dec072bcf61ecccef4d330ec0fd70823994bd3b9

    • SHA256

      253a4d6b49703d6dfbf3aeadd226ea692997edfb4bd0df7c6e97b7cffd1ef2f2

    • SHA512

      f7cac00d671c31558de18b548fc994d4ad7bbbcd583b5a62840bb97e67f55cec429ae6ad42f0b23ac0f857b201d230ddd776a8b6757f335111707878c201b6a7

    Score
    10/10
    xloaderu9xnloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks