General

Target: payment.exe
Size: 301KB
Sample: 211105-qwqgdsbhb3
Score: 10/10
MD5: c662f5f92a309035df41c2fa8ceec901
SHA1: 2555dbb5bf478e472d834d7fee163fa75598eabf
SHA256: 43205d5f8958ebc397086aa525220e381f4b0da942f071f236bdbe21280fe1b8
SHA512: 8984f03fc2e0849c7e7ade5112158a6375d1b148beeddf35569410f56b1efa92796cac9ec6e94f0e71198fadf6b44cf3e3785eeb75cbd5483d1138d6ed9bc7ff

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: unzn
C2: http://www.davanamays.com/unzn/

Decoy


Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Tasks

static1: Score 1/10
behavioral1: Score 7/10
behavioral2: Score 10/10