General

Target: c3732a4c293740632956474cb15e9f25f77cd96b6a40366c137f29b5df1d819e
Size: 304KB
Sample: 211117-13xt6aebb6
Score: 10/10
MD5: e0c09b7302a96d737a7573a7938ea389
SHA1: 2d064fc357be869f8bf7d57f099b5edd1aeaa0a8
SHA256: c3732a4c293740632956474cb15e9f25f77cd96b6a40366c137f29b5df1d819e
SHA512: 830c1b59658a9f744f59e39281a0102cbfef538b03f93154b1310dfab017768095d0aec2688ee464f87cff41ca9e13400c3cefde681e1d171ad2c9525abb592e

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: unzn
C2: http://www.davanamays.com/unzn/

Decoy

Targets

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.
  • Xloader Payload
  • Loads dropped DLL
  • Suspicious use of SetThreadContext

Tasks

static1: Score 1/10
behavioral1: Score 10/10