Overview

overview

10

Static

static

1

PAIEMENT1.exe

windows7_x64

10

PAIEMENT1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PAIEMENT1.zip

  • Size

    304KB

  • Sample

    211110-nc2dfaghc9

  • MD5

    45a2cc28f8b1d455e867b376c57cad79

  • SHA1

    831dd28eef758e1dbc56bd68a43bb6d2e6496878

  • SHA256

    5f3775f376c0ba2a894657f291b45e3d9a0a9ecd6a93162141dda0b9e9bc6e04

  • SHA512

    ae081214366ff325dcb45edb348fcbde72bfab18fd6cc38c649e0f9364e6d12d5dd6d5b05aca73b3e7d4a1f6803cb2663637a57807d614c41400009d3878214f

Score
10/10
xloaderu9xnloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u9xn

C2

http://www.crisisinterventionadvocates.com/u9xn/

Decoy

lifeguardingcoursenearme.com

bolsaspapelcdmx.com

parsleypkllqu.xyz

68134.online

shopthatlookboutique.com

canlibahisportal.com

oligopoly.city

srchwithus.online

151motors.com

17yue.info

auntmarysnj.com

hanansalman.com

heyunshangcheng.info

doorslamersplus.com

sfcn-dng.com

highvizpeople.com

seoexpertinbangladesh.com

christinegagnonjewellery.com

artifactorie.biz

mre3.net

Targets

    • Target

      PAIEMENT1.exe

    • Size

      424KB

    • MD5

      4a40bc732ce463e10ae463ee7b890242

    • SHA1

      090fea71d8bc7abe48ea0d36d91a38ecf49f83d8

    • SHA256

      1ac69ae85debbb73ec8b2bc1252374eb717b757b61819a012a8eedbac1148cd5

    • SHA512

      d0efc801cb42571030a7e4381004eb1f1e3ee2c560726d1be48b8e17c23a5a5604a2e6e142b7354219957bd37cdb2e5eb5d1c1d5748018d88e5733594e4435df

    Score
    10/10
    xloaderu9xnloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks