Malware sandboxing report by Hatching Triage

Target

payment.exe

Size

301KB

Sample

211105-qwqgdsbhb3

Score

10^/10

MD5

c662f5f92a309035df41c2fa8ceec901

SHA1

2555dbb5bf478e472d834d7fee163fa75598eabf

SHA256

43205d5f8958ebc397086aa525220e381f4b0da942f071f236bdbe21280fe1b8

SHA512

8984f03fc2e0849c7e7ade5112158a6375d1b148beeddf35569410f56b1efa92796cac9ec6e94f0e71198fadf6b44cf3e3785eeb75cbd5483d1138d6ed9bc7ff

Extracted

Family	xloader
Version	2.5
Campaign	unzn
C2	http://www.davanamays.com/unzn/ http://www.davanamays.com/unzn/
Decoy	xiulf.com highcountrymortar.com 523561.com marketingagency.tools ganmovie.net nationaalcontactpunt.com sirrbter.com begizas.xyz missimi-fashion.com munixc.info daas.support spaceworbc.com faithtruthresolve.com gymkub.com thegrayverse.xyz artisanmakefurniture.com 029tryy.com ijuubx.biz iphone13promax.club techuniversus.com samrgov.xyz grownupcurl.com sj0755.net beekeeperkit.com richessesabondantes.com xclgjgjh.net webworkscork.com vedepviet365.com bretabeameven.com cdzsmhw.com clearperspective.biz tigrg5g784sh.biz bbezan011.xyz mycar.store mansooralobeidli.com ascensionmemberszoom.com unlimitedrehab.com wozka.top askylarkgoods.com rj793.com prosvalor.com primetimeexpress.com boixosnoisperu.com mmasportgear.com concertiranian.net hyponymys.info maila.one yti0fyic.xyz shashiprayag.com speedprosmotorsports.com westchestercountyjunkcars.com patienceinmypocket.com rausachbaoloc.com plexregroup.com outsydercs.com foodandflour.com lenacrypto.xyz homeservicetoday.net marthaperry.com vmtcyd4q8.com shamefulguys.com loccssol.store gnarledportra.xyz 042atk.xyz xiulf.com highcountrymortar.com 523561.com marketingagency.tools ganmovie.net nationaalcontactpunt.com sirrbter.com begizas.xyz missimi-fashion.com munixc.info daas.support spaceworbc.com faithtruthresolve.com gymkub.com thegrayverse.xyz artisanmakefurniture.com 029tryy.com ijuubx.biz iphone13promax.club techuniversus.com samrgov.xyz grownupcurl.com sj0755.net beekeeperkit.com richessesabondantes.com xclgjgjh.net webworkscork.com vedepviet365.com bretabeameven.com cdzsmhw.com clearperspective.biz tigrg5g784sh.biz bbezan011.xyz mycar.store mansooralobeidli.com ascensionmemberszoom.com unlimitedrehab.com wozka.top askylarkgoods.com rj793.com prosvalor.com primetimeexpress.com boixosnoisperu.com mmasportgear.com concertiranian.net hyponymys.info maila.one yti0fyic.xyz shashiprayag.com speedprosmotorsports.com westchestercountyjunkcars.com patienceinmypocket.com rausachbaoloc.com plexregroup.com outsydercs.com foodandflour.com lenacrypto.xyz homeservicetoday.net marthaperry.com vmtcyd4q8.com shamefulguys.com loccssol.store gnarledportra.xyz 042atk.xyz

Target

payment.exe

MD5

c662f5f92a309035df41c2fa8ceec901

Filesize

301KB

Score

10^/10

SHA1

2555dbb5bf478e472d834d7fee163fa75598eabf

SHA256

43205d5f8958ebc397086aa525220e381f4b0da942f071f236bdbe21280fe1b8

SHA512

8984f03fc2e0849c7e7ade5112158a6375d1b148beeddf35569410f56b1efa92796cac9ec6e94f0e71198fadf6b44cf3e3785eeb75cbd5483d1138d6ed9bc7ff

Signatures

Xloader
Description

Xloader is a rebranded version of Formbook malware.
Tags

loader xloader
Xloader Payload
Tags

rat
Loads dropped DLL
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

Score

1^/10

behavioral1

Score

7^/10

behavioral2

xloader unzn loader rat

Score

10^/10

Extracted

Tags

Signatures

Xloader

Description

Tags

Xloader Payload

Tags

Loads dropped DLL

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2