General

  • Target

    STATEMENT Oct-Nov 25-11-2021.com

  • Size

    301KB

  • Sample

    211125-va45wabbf4

  • MD5

    02e738dd13974ab64a472f6aa2f065a8

  • SHA1

    6134aee9ceffce4d6ed1777739493def77b62533

  • SHA256

    9acf8fb51cab55a01a74cb84ca9958862b29b8909408e87412700e63a4f578ae

  • SHA512

    90ce5711d1f3abd07398c38706f5dc48da02676a86331115b5c7724fd98b1b41606f3d80763d3c03663c1c1bf7864609d65eae183b73f5df2db8e73a49bccf09

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

unzn

C2

http://www.davanamays.com/unzn/

Decoy

xiulf.com

highcountrymortar.com

523561.com

marketingagency.tools

ganmovie.net

nationaalcontactpunt.com

sirrbter.com

begizas.xyz

missimi-fashion.com

munixc.info

daas.support

spaceworbc.com

faithtruthresolve.com

gymkub.com

thegrayverse.xyz

artisanmakefurniture.com

029tryy.com

ijuubx.biz

iphone13promax.club

techuniversus.com
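The extracted config above is most useful turned into a hunting rule. The following is an added example and is not part of the sandbox report or the sandbox's own logic: it takes the C2 URL, campaign token and decoy list as printed on this page and classifies URLs from a proxy log. The distinction it draws (contact with the real C2 or with a decoy domain on the campaign path is high confidence; a bare visit to a decoy domain is low confidence, since Formbook/Xloader decoy domains are frequently ordinary sites) is the editor's triage convention, not something the report states. The log format and the log lines are constructed for the example.

```python
"""Hunt proxy logs for the Xloader config extracted in this report (added example)."""
from urllib.parse import urlparse

# Values copied from the extracted config on this page.
C2_URL = "http://www.davanamays.com/unzn/"
CAMPAIGN = "unzn"
DECOYS = [
    "xiulf.com", "highcountrymortar.com", "523561.com", "marketingagency.tools",
    "ganmovie.net", "nationaalcontactpunt.com", "sirrbter.com", "begizas.xyz",
    "missimi-fashion.com", "munixc.info", "daas.support", "spaceworbc.com",
    "faithtruthresolve.com", "gymkub.com", "thegrayverse.xyz",
    "artisanmakefurniture.com", "029tryy.com", "ijuubx.biz",
    "iphone13promax.club", "techuniversus.com",
]

_c2_host = urlparse(C2_URL).hostname.lower()
# Match the registrable domain so both www.davanamays.com and davanamays.com hit.
C2_DOMAIN = _c2_host[4:] if _c2_host.startswith("www.") else _c2_host


def host_matches(host, ioc):
    """True if host equals the IOC domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == ioc or host.endswith("." + ioc)


def classify(url):
    """Return a verdict for one requested URL, or None if it is unrelated.

    c2             -> real C2 domain (high confidence)
    decoy-beacon   -> decoy domain requested on the campaign path (high confidence)
    decoy-visit    -> decoy domain without the campaign path (low confidence)
    campaign-path  -> unknown domain but the campaign path (low confidence, worth a look)
    """
    p = urlparse(url)
    host = (p.hostname or "").lower()
    path = p.path or "/"
    on_campaign_path = path == "/" + CAMPAIGN or path.startswith("/" + CAMPAIGN + "/")
    if host_matches(host, C2_DOMAIN):
        return "c2"
    if any(host_matches(host, d) for d in DECOYS):
        return "decoy-beacon" if on_campaign_path else "decoy-visit"
    if on_campaign_path:
        return "campaign-path"
    return None


# Constructed proxy log lines for this example: "ts client method url status".
SAMPLE_LOG = """\
1637850001 10.0.0.12 GET http://www.davanamays.com/unzn/?abcd=123 200
1637850002 10.0.0.12 GET http://www.xiulf.com/unzn/?abcd=123 404
1637850003 10.0.0.12 POST http://gymkub.com/unzn/ 403
1637850004 10.0.0.40 GET http://example.org/news/ 200
1637850005 10.0.0.55 GET http://cdn.somehost.test/unzn/ 200
1637850006 10.0.0.77 GET http://marketingagency.tools/pricing 200
"""


def hunt(log_text):
    """Return one dict per log line that matches any part of the config."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines rather than crash the hunt
        ts, client, method, url, status = parts[:5]
        verdict = classify(url)
        if verdict:
            hits.append({"ts": ts, "client": client, "url": url, "verdict": verdict})
    return hits


def infected_hosts(hits):
    """Clients with high-confidence beacons (real C2 or decoy on the campaign path)."""
    return sorted({h["client"] for h in hits if h["verdict"] in ("c2", "decoy-beacon")})


if __name__ == "__main__":
    found = hunt(SAMPLE_LOG)
    for h in found:
        print(h["verdict"].ljust(14), h["client"], h["url"])
    print("high-confidence infected:", infected_hosts(hits=found))
```

Subdomain matching matters here: the sample's C2 is `www.davanamays.com`, and Xloader beacons to decoys with the same `/unzn/` path, so a rule keyed on the bare apex domain or on the path alone would either miss the beacon or drown in false positives.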

Targets

    • Target

      STATEMENT Oct-Nov 25-11-2021.com

    • Size

      301KB

    • MD5

      02e738dd13974ab64a472f6aa2f065a8

    • SHA1

      6134aee9ceffce4d6ed1777739493def77b62533

    • SHA256

      9acf8fb51cab55a01a74cb84ca9958862b29b8909408e87412700e63a4f578ae

    • SHA512

      90ce5711d1f3abd07398c38706f5dc48da02676a86331115b5c7724fd98b1b41606f3d80763d3c03663c1c1bf7864609d65eae183b73f5df2db8e73a49bccf09

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
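The "Suspicious use of SetThreadContext" signature, together with the self-delete, is what process hollowing looks like from an API monitor. The following detection is an added example, not the sandbox's own signature: it walks a per-process API trace and flags a target only when the full chain completes (process created with CREATE_SUSPENDED, memory written into it, SetThreadContext on its main thread, then ResumeThread), all issued by the same injector. The trace format ("pid api key=value ...") and the trace lines are constructed for the example; the report itself only names the SetThreadContext behaviour, not the surrounding calls.

```python
"""Flag a completed process-hollowing chain in a constructed API trace (added example)."""

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess

# Constructed API-monitor trace for this example; not taken from the report.
SAMPLE_TRACE = """\
1234 CreateProcessW image=C:\\Windows\\SysWOW64\\svchost.exe flags=0x4 pid=5678 tid=5679
1234 VirtualAllocEx pid=5678 addr=0x400000 size=0x3a000 prot=0x40
1234 WriteProcessMemory pid=5678 addr=0x400000 size=0x200
1234 WriteProcessMemory pid=5678 addr=0x401000 size=0x38000
1234 GetThreadContext tid=5679
1234 SetThreadContext tid=5679 eip=0x4012f0
1234 ResumeThread tid=5679
1234 DeleteFileW path=C:\\Users\\victim\\AppData\\Local\\Temp\\stmt.com
4321 CreateProcessW image=C:\\Windows\\System32\\notepad.exe flags=0x0 pid=9001 tid=9002
4321 ResumeThread tid=9002
"""


def parse_trace(text):
    """Parse 'pid api key=value ...' lines into (pid, api, args) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, *kv = line.split()
        args = dict(p.split("=", 1) for p in kv)
        events.append((int(pid), api, args))
    return events


def find_hollowing(events):
    """Return (injector_pid, target_pid, image) for every completed hollowing chain.

    State is kept per suspended child so that writes, SetThreadContext and
    ResumeThread from a different process, or out of order, do not count.
    """
    targets = {}        # target pid -> chain state
    tid_to_target = {}  # main-thread id -> target pid
    findings = []
    for pid, api, a in events:
        if api == "CreateProcessW" and int(a.get("flags", "0"), 16) & CREATE_SUSPENDED:
            t = int(a["pid"])
            targets[t] = {"injector": pid, "image": a["image"], "wrote": False, "ctx": False}
            tid_to_target[int(a["tid"])] = t
        elif api == "WriteProcessMemory":
            t = int(a["pid"])
            if t in targets and targets[t]["injector"] == pid:
                targets[t]["wrote"] = True
        elif api == "SetThreadContext":
            t = tid_to_target.get(int(a["tid"]))
            # Only meaningful once the injector has already written into the child.
            if t in targets and targets[t]["injector"] == pid and targets[t]["wrote"]:
                targets[t]["ctx"] = True
        elif api == "ResumeThread":
            t = tid_to_target.get(int(a["tid"]))
            if t in targets and targets[t]["injector"] == pid and targets[t]["ctx"]:
                findings.append((pid, t, targets[t]["image"]))
                del targets[t]
    return findings


def find_self_delete(events, injector_pids):
    """Paths deleted by a process already flagged as an injector ('Deletes itself')."""
    return [a["path"] for pid, api, a in events
            if api == "DeleteFileW" and pid in injector_pids]


if __name__ == "__main__":
    evs = parse_trace(SAMPLE_TRACE)
    chains = find_hollowing(evs)
    for injector, target, image in chains:
        print(f"hollowing: pid {injector} -> pid {target} ({image})")
    print("deleted by injector:", find_self_delete(evs, {c[0] for c in chains}))
```

Requiring the whole chain is deliberate: SetThreadContext on its own is used by debuggers and some legitimate runtimes, and a suspended CreateProcess without a write is common in installers, so either alone would be a noisy rule. The notepad.exe launch in the trace (flags=0x0, no write, no context change) is there to show the rule stays quiet on a normal child process.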

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation