General

  • Target: DO 2168569 2172145000025112021.exe
  • Size: 584KB
  • Sample: 211126-mg376afba3
  • MD5: cb8bd5b9563bf3cfbafbbbbf99048266
  • SHA1: 9972dd790388aa860598448da56312571e4f4f5e
  • SHA256: 16afc1275bbb9dc325bcb03d7d0fb57b704adc0438c5c006070bdd07f2259230
  • SHA512: 858f481523f80cd8490deb9539a4ca8d5109aba5c6328ad0ea6f7aa063c229c462bc3a19197b08c7e6811df41c21b7fe8d7bf27f69a3c93d96f97795a88956a6

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: u0n0
  • C2: http://www.52xjg3.xyz/u0n0/

Decoy


Targets

  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader Payload
  • Deletes itself
  • Suspicious use of SetThreadContext