Malware sandboxing report by Hatching Triage

Target

100197.doc

Size

190KB

Sample

211110-jdj4bsdfhp

Score

10^/10

MD5

a51beb4cee3604bc8ab1c7c9f5e7d5c1

SHA1

22d24e750b96783e24da802dcac3e4367d83befa

SHA256

59de39d60fee5b2a853c4e4bd62ce6ea5054373938b8afbb159d60102f88e989

SHA512

c406ee9bfb3425caf97e26626dbba30aa7a305be0f1732f2a7b4225e877468a0b12aa531d0c495bb3aac6f192966e92daa419ec01ec94e5f5ef50a8f851fc543

Extracted

Family	xloader
Version	2.5
Campaign	unzn
C2	http://www.davanamays.com/unzn/ http://www.davanamays.com/unzn/
Decoy	xiulf.com highcountrymortar.com 523561.com marketingagency.tools ganmovie.net nationaalcontactpunt.com sirrbter.com begizas.xyz missimi-fashion.com munixc.info daas.support spaceworbc.com faithtruthresolve.com gymkub.com thegrayverse.xyz artisanmakefurniture.com 029tryy.com ijuubx.biz iphone13promax.club techuniversus.com samrgov.xyz grownupcurl.com sj0755.net beekeeperkit.com richessesabondantes.com xclgjgjh.net webworkscork.com vedepviet365.com bretabeameven.com cdzsmhw.com clearperspective.biz tigrg5g784sh.biz bbezan011.xyz mycar.store mansooralobeidli.com ascensionmemberszoom.com unlimitedrehab.com wozka.top askylarkgoods.com rj793.com prosvalor.com primetimeexpress.com boixosnoisperu.com mmasportgear.com concertiranian.net hyponymys.info maila.one yti0fyic.xyz shashiprayag.com speedprosmotorsports.com westchestercountyjunkcars.com patienceinmypocket.com rausachbaoloc.com plexregroup.com outsydercs.com foodandflour.com lenacrypto.xyz homeservicetoday.net marthaperry.com vmtcyd4q8.com shamefulguys.com loccssol.store gnarledportra.xyz 042atk.xyz xiulf.com highcountrymortar.com 523561.com marketingagency.tools ganmovie.net nationaalcontactpunt.com sirrbter.com begizas.xyz missimi-fashion.com munixc.info daas.support spaceworbc.com faithtruthresolve.com gymkub.com thegrayverse.xyz artisanmakefurniture.com 029tryy.com ijuubx.biz iphone13promax.club techuniversus.com samrgov.xyz grownupcurl.com sj0755.net beekeeperkit.com richessesabondantes.com xclgjgjh.net webworkscork.com vedepviet365.com bretabeameven.com cdzsmhw.com clearperspective.biz tigrg5g784sh.biz bbezan011.xyz mycar.store mansooralobeidli.com ascensionmemberszoom.com unlimitedrehab.com wozka.top askylarkgoods.com rj793.com prosvalor.com primetimeexpress.com boixosnoisperu.com mmasportgear.com concertiranian.net hyponymys.info maila.one yti0fyic.xyz shashiprayag.com speedprosmotorsports.com westchestercountyjunkcars.com patienceinmypocket.com rausachbaoloc.com plexregroup.com outsydercs.com foodandflour.com lenacrypto.xyz homeservicetoday.net marthaperry.com vmtcyd4q8.com shamefulguys.com loccssol.store gnarledportra.xyz 042atk.xyz

Target

100197.doc

MD5

a51beb4cee3604bc8ab1c7c9f5e7d5c1

Filesize

190KB

Score

10^/10

SHA1

22d24e750b96783e24da802dcac3e4367d83befa

SHA256

59de39d60fee5b2a853c4e4bd62ce6ea5054373938b8afbb159d60102f88e989

SHA512

c406ee9bfb3425caf97e26626dbba30aa7a305be0f1732f2a7b4225e877468a0b12aa531d0c495bb3aac6f192966e92daa419ec01ec94e5f5ef50a8f851fc543

Signatures

Xloader
Description

Xloader is a rebranded version of Formbook malware.
Tags

loader xloader
suricata: ET MALWARE FormBook CnC Checkin (GET)
Description

suricata: ET MALWARE FormBook CnC Checkin (GET)
Tags

suricata
Xloader Payload
Tags

rat
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exploitation for Client Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

Score

N/A

behavioral1

xloader unzn loader rat suricata

Score

10^/10

behavioral2

Score

1^/10

Extracted

Tags

Signatures

Xloader

Description

Tags

suricata: ET MALWARE FormBook CnC Checkin (GET)

Description

Tags

Xloader Payload

Tags

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2