STATEMENT Oct-Nov 25-11-2021.com

Target

Size

301KB

Sample

211125-va45wabbf4

Score

10 ^/10

MD5

02e738dd13974ab64a472f6aa2f065a8

SHA1

6134aee9ceffce4d6ed1777739493def77b62533

SHA256

9acf8fb51cab55a01a74cb84ca9958862b29b8909408e87412700e63a4f578ae

SHA512

90ce5711d1f3abd07398c38706f5dc48da02676a86331115b5c7724fd98b1b41606f3d80763d3c03663c1c1bf7864609d65eae183b73f5df2db8e73a49bccf09

Extracted

Family	xloader
Version	2.5
Campaign	unzn
C2	http://www.davanamays.com/unzn/ http://www.davanamays.com/unzn/
Decoy	xiulf.com highcountrymortar.com 523561.com marketingagency.tools ganmovie.net nationaalcontactpunt.com sirrbter.com begizas.xyz missimi-fashion.com munixc.info daas.support spaceworbc.com faithtruthresolve.com gymkub.com thegrayverse.xyz artisanmakefurniture.com 029tryy.com ijuubx.biz iphone13promax.club techuniversus.com samrgov.xyz grownupcurl.com sj0755.net beekeeperkit.com richessesabondantes.com xclgjgjh.net webworkscork.com vedepviet365.com bretabeameven.com cdzsmhw.com clearperspective.biz tigrg5g784sh.biz bbezan011.xyz mycar.store mansooralobeidli.com ascensionmemberszoom.com unlimitedrehab.com wozka.top askylarkgoods.com rj793.com prosvalor.com primetimeexpress.com boixosnoisperu.com mmasportgear.com concertiranian.net hyponymys.info maila.one yti0fyic.xyz shashiprayag.com speedprosmotorsports.com westchestercountyjunkcars.com patienceinmypocket.com rausachbaoloc.com plexregroup.com outsydercs.com foodandflour.com lenacrypto.xyz homeservicetoday.net marthaperry.com vmtcyd4q8.com shamefulguys.com loccssol.store gnarledportra.xyz 042atk.xyz xiulf.com highcountrymortar.com 523561.com marketingagency.tools ganmovie.net nationaalcontactpunt.com sirrbter.com begizas.xyz missimi-fashion.com munixc.info daas.support spaceworbc.com faithtruthresolve.com gymkub.com thegrayverse.xyz artisanmakefurniture.com 029tryy.com ijuubx.biz iphone13promax.club techuniversus.com samrgov.xyz grownupcurl.com sj0755.net beekeeperkit.com richessesabondantes.com xclgjgjh.net webworkscork.com vedepviet365.com bretabeameven.com cdzsmhw.com clearperspective.biz tigrg5g784sh.biz bbezan011.xyz mycar.store mansooralobeidli.com ascensionmemberszoom.com unlimitedrehab.com wozka.top askylarkgoods.com rj793.com prosvalor.com primetimeexpress.com boixosnoisperu.com mmasportgear.com concertiranian.net hyponymys.info maila.one yti0fyic.xyz shashiprayag.com speedprosmotorsports.com westchestercountyjunkcars.com patienceinmypocket.com rausachbaoloc.com plexregroup.com outsydercs.com foodandflour.com lenacrypto.xyz homeservicetoday.net marthaperry.com vmtcyd4q8.com shamefulguys.com loccssol.store gnarledportra.xyz 042atk.xyz

Target

STATEMENT Oct-Nov 25-11-2021.com

MD5

02e738dd13974ab64a472f6aa2f065a8

Filesize

301KB

Score

10 ^/10

SHA1

6134aee9ceffce4d6ed1777739493def77b62533

SHA256

9acf8fb51cab55a01a74cb84ca9958862b29b8909408e87412700e63a4f578ae

SHA512

90ce5711d1f3abd07398c38706f5dc48da02676a86331115b5c7724fd98b1b41606f3d80763d3c03663c1c1bf7864609d65eae183b73f5df2db8e73a49bccf09

Signatures

Xloader

Description

Xloader is a rebranded version of Formbook malware.

Tags

loader xloader
Xloader Payload

Tags

rat
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

1^/10

behavioral1

xloader unzn loader rat

10^/10

behavioral2

xloader unzn loader rat

10^/10

Extracted

Tags

Signatures

Xloader

Description

Tags

Xloader Payload

Tags

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2