soa#2021011015.exe

Target

soa#2021011015.exe

Size

286KB

Sample

211115-n86yssaaf8

Score

10 ^/10

MD5

77f19e38f4e1eeb655d01114be0e710c

SHA1

a7bbc2ed7b159f441107d43dcceca5be98623556

SHA256

f9744d616627a9e5640bfb7cc0c88b03e52b53141f1647c57a3b3d77766d510d

SHA512

1c0f548fe3cc9e4a7ac16d7365b7f11f475b9e78daff61b548d1a7f45b7c5b633d82fdb770b079dfd51bbb0d5ee85a8891c411d1de925720184385071101db5f

Extracted

Family	xloader
Version	2.5
Campaign	e8ia
C2	http://www.helpfromjames.com/e8ia/ http://www.helpfromjames.com/e8ia/
Decoy	le-hameau-enchanteur.com quantumsystem-au.club engravedeeply.com yesrecompensas.lat cavallitowerofficials.com 800seaspray.com skifun-jetski.com thouartafoot.com nft2dollar.com petrestore.online cjcutthecord2.com tippimccullough.com gadget198.xyz djmiriam.com bitbasepay.com cukierniawz.com mcclureic.xyz inthekitchenshakinandbakin.com busy-clicks.com melaniemorris.online elysiangp.com 7bkj.com wakeanddraw.com ascalar.com iteraxon.com henleygirlscricket.com torresflooringdecorllc.com helgquieta.quest xesteem.com graffity-aws.com bolerparts.com andriylysenko.com bestinvest-4-you.com frelsicycling.com airductcleaningindianapolis.net nlproperties.net alkoora.xyz sakiyaman.com wwwsmyrnaschooldistrict.com unitedsafetyassociation.com fiveallianceapparel.com edgelordkids.com herhauling.com intelldat.com weprepareamerica-planet.com webartsolution.net yiquge.com marraasociados.com dentalimplantnearyou-ca.space linemanbible.com dunamisdispatchservicellc.com latamoperationalinstitute.com stpaulsschoolbagidora.com groupninemed.com solar-tribe.com footairdz.com blttsperma.quest xfeuio.xyz sahodyafbdchapter.com 0934800.com dandftrading.com gladway.net mineriasinmercurio.com inaampm.com le-hameau-enchanteur.com quantumsystem-au.club engravedeeply.com yesrecompensas.lat cavallitowerofficials.com 800seaspray.com skifun-jetski.com thouartafoot.com nft2dollar.com petrestore.online cjcutthecord2.com tippimccullough.com gadget198.xyz djmiriam.com bitbasepay.com cukierniawz.com mcclureic.xyz inthekitchenshakinandbakin.com busy-clicks.com melaniemorris.online elysiangp.com 7bkj.com wakeanddraw.com ascalar.com iteraxon.com henleygirlscricket.com torresflooringdecorllc.com helgquieta.quest xesteem.com graffity-aws.com bolerparts.com andriylysenko.com bestinvest-4-you.com frelsicycling.com airductcleaningindianapolis.net nlproperties.net alkoora.xyz sakiyaman.com wwwsmyrnaschooldistrict.com unitedsafetyassociation.com fiveallianceapparel.com edgelordkids.com herhauling.com intelldat.com weprepareamerica-planet.com webartsolution.net yiquge.com marraasociados.com dentalimplantnearyou-ca.space linemanbible.com dunamisdispatchservicellc.com latamoperationalinstitute.com stpaulsschoolbagidora.com groupninemed.com solar-tribe.com footairdz.com blttsperma.quest xfeuio.xyz sahodyafbdchapter.com 0934800.com dandftrading.com gladway.net mineriasinmercurio.com inaampm.com

Target

soa#2021011015.exe

MD5

77f19e38f4e1eeb655d01114be0e710c

Filesize

286KB

Score

10^/10

SHA1

a7bbc2ed7b159f441107d43dcceca5be98623556

SHA256

f9744d616627a9e5640bfb7cc0c88b03e52b53141f1647c57a3b3d77766d510d

SHA512

1c0f548fe3cc9e4a7ac16d7365b7f11f475b9e78daff61b548d1a7f45b7c5b633d82fdb770b079dfd51bbb0d5ee85a8891c411d1de925720184385071101db5f

Signatures

Xloader
Description

Xloader is a rebranded version of Formbook malware.
Tags

loader xloader
Xloader Payload
Tags

rat
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

1^/10

behavioral1

xloader e8ia loader rat

10^/10

behavioral2

xloader e8ia loader rat

10^/10

Extracted

Tags

Signatures

Xloader

Description

Tags

Xloader Payload

Tags

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2