Malware sandboxing report by Hatching Triage

Target

1dadf13b8e0441e370eacb0b774c64e9

Size

428KB

Sample

211111-xbrmaabhe8

Score

10^/10

MD5

1dadf13b8e0441e370eacb0b774c64e9

SHA1

ad139b332854cdb6afb1c25548c72e5f59cda993

SHA256

211285d0278cfa608b2f7e0280641bdb07816ddca9fb7b8d70d9f0c8cf7bdb6e

SHA512

e086f7238871070896e2454e1ab6c6f7248039742d67089f8e7c14fabbc890ca23b3ca1d240881f386af316f15f9192f20df85b15bf4d9c7b27ce4305098eb50

Extracted

Family	xloader
Version	2.5
Campaign	unzn
C2	http://www.davanamays.com/unzn/ http://www.davanamays.com/unzn/
Decoy	xiulf.com highcountrymortar.com 523561.com marketingagency.tools ganmovie.net nationaalcontactpunt.com sirrbter.com begizas.xyz missimi-fashion.com munixc.info daas.support spaceworbc.com faithtruthresolve.com gymkub.com thegrayverse.xyz artisanmakefurniture.com 029tryy.com ijuubx.biz iphone13promax.club techuniversus.com samrgov.xyz grownupcurl.com sj0755.net beekeeperkit.com richessesabondantes.com xclgjgjh.net webworkscork.com vedepviet365.com bretabeameven.com cdzsmhw.com clearperspective.biz tigrg5g784sh.biz bbezan011.xyz mycar.store mansooralobeidli.com ascensionmemberszoom.com unlimitedrehab.com wozka.top askylarkgoods.com rj793.com prosvalor.com primetimeexpress.com boixosnoisperu.com mmasportgear.com concertiranian.net hyponymys.info maila.one yti0fyic.xyz shashiprayag.com speedprosmotorsports.com westchestercountyjunkcars.com patienceinmypocket.com rausachbaoloc.com plexregroup.com outsydercs.com foodandflour.com lenacrypto.xyz homeservicetoday.net marthaperry.com vmtcyd4q8.com shamefulguys.com loccssol.store gnarledportra.xyz 042atk.xyz xiulf.com highcountrymortar.com 523561.com marketingagency.tools ganmovie.net nationaalcontactpunt.com sirrbter.com begizas.xyz missimi-fashion.com munixc.info daas.support spaceworbc.com faithtruthresolve.com gymkub.com thegrayverse.xyz artisanmakefurniture.com 029tryy.com ijuubx.biz iphone13promax.club techuniversus.com samrgov.xyz grownupcurl.com sj0755.net beekeeperkit.com richessesabondantes.com xclgjgjh.net webworkscork.com vedepviet365.com bretabeameven.com cdzsmhw.com clearperspective.biz tigrg5g784sh.biz bbezan011.xyz mycar.store mansooralobeidli.com ascensionmemberszoom.com unlimitedrehab.com wozka.top askylarkgoods.com rj793.com prosvalor.com primetimeexpress.com boixosnoisperu.com mmasportgear.com concertiranian.net hyponymys.info maila.one yti0fyic.xyz shashiprayag.com speedprosmotorsports.com westchestercountyjunkcars.com patienceinmypocket.com rausachbaoloc.com plexregroup.com outsydercs.com foodandflour.com lenacrypto.xyz homeservicetoday.net marthaperry.com vmtcyd4q8.com shamefulguys.com loccssol.store gnarledportra.xyz 042atk.xyz

Target

1dadf13b8e0441e370eacb0b774c64e9

MD5

1dadf13b8e0441e370eacb0b774c64e9

Filesize

428KB

Score

10^/10

SHA1

ad139b332854cdb6afb1c25548c72e5f59cda993

SHA256

211285d0278cfa608b2f7e0280641bdb07816ddca9fb7b8d70d9f0c8cf7bdb6e

SHA512

e086f7238871070896e2454e1ab6c6f7248039742d67089f8e7c14fabbc890ca23b3ca1d240881f386af316f15f9192f20df85b15bf4d9c7b27ce4305098eb50

Signatures

Xloader
Description

Xloader is a rebranded version of Formbook malware.
Tags

loader xloader
Xloader Payload
Tags

rat
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

Score

N/A

behavioral1

xloader unzn loader rat

Score

10^/10

behavioral2

xloader unzn loader rat

Score

10^/10

Extracted

Tags

Signatures

Xloader

Description

Tags

Xloader Payload

Tags

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2