General

  • Target: SOA & INV FOR OCT'21.exe
  • Size: 426KB
  • Sample: 211109-p73enafce5
  • MD5: 6807709a74cde5eafc0f8c668a13be81
  • SHA1: 460279d69c1ddd6d36ed25e7985e9e2bbad7ad65
  • SHA256: 696ba6fed0994cac4e47993f336820499cd3faf3ce4713d4e0be0ea0d91748af
  • SHA512: bd75b2f3aaa316028e489eec30df49cd02ce6320ba3faebe24ac88f177434ca45638cb7118972ff86e9c16d2a44caf1cb400bcc42363fc9de7cbf96dd872f032

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: u0n0
  • C2: http://www.52xjg3.xyz/u0n0/

Decoy

Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • Xloader Payload
    • Deletes itself
    • Suspicious use of SetThreadContext
