General

  • Target

    1dadf13b8e0441e370eacb0b774c64e9

  • Size

    428KB

  • Sample

    211111-xbrmaabhe8

  • MD5

    1dadf13b8e0441e370eacb0b774c64e9

  • SHA1

    ad139b332854cdb6afb1c25548c72e5f59cda993

  • SHA256

    211285d0278cfa608b2f7e0280641bdb07816ddca9fb7b8d70d9f0c8cf7bdb6e

  • SHA512

    e086f7238871070896e2454e1ab6c6f7248039742d67089f8e7c14fabbc890ca23b3ca1d240881f386af316f15f9192f20df85b15bf4d9c7b27ce4305098eb50

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

unzn

C2

http://www.davanamays.com/unzn/

Decoy

xiulf.com

highcountrymortar.com

523561.com

marketingagency.tools

ganmovie.net

nationaalcontactpunt.com

sirrbter.com

begizas.xyz

missimi-fashion.com

munixc.info

daas.support

spaceworbc.com

faithtruthresolve.com

gymkub.com

thegrayverse.xyz

artisanmakefurniture.com

029tryy.com

ijuubx.biz

iphone13promax.club

techuniversus.com

Targets

    • Target

      1dadf13b8e0441e370eacb0b774c64e9

    • Size

      428KB

    • MD5

      1dadf13b8e0441e370eacb0b774c64e9

    • SHA1

      ad139b332854cdb6afb1c25548c72e5f59cda993

    • SHA256

      211285d0278cfa608b2f7e0280641bdb07816ddca9fb7b8d70d9f0c8cf7bdb6e

    • SHA512

      e086f7238871070896e2454e1ab6c6f7248039742d67089f8e7c14fabbc890ca23b3ca1d240881f386af316f15f9192f20df85b15bf4d9c7b27ce4305098eb50

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks