General
Target: Statement 12-01-2021.com
Size: 552KB
Sample: 211201-hm3rcsdfb9
Score: 10/10
MD5: d84165c69252af24ac6a92da452b4eb2
SHA1: 5ca05c20d6240e1ab18c4204cfe3a8d85b5fede4
SHA256: 99e122686461defed546b28e1b3461a92cc5a3e0fe46cac917f5e130d5941f1f
SHA512: ada97e517e7678ad971c73395d282d84c1b35493f7cd012ac226a08549757ec756d147ccc404620cd655804c24d1ed5f8e68390478fc3a5b6f134d326c78b3f5

Malware Config (Extracted)
Family: xloader
Version: 2.5
Campaign: unzn
C2: http://www.davanamays.com/unzn/
Decoy domains:
  • xiulf.com
  • highcountrymortar.com
  • 523561.com
  • marketingagency.tools
  • ganmovie.net
  • nationaalcontactpunt.com
  • sirrbter.com
  • begizas.xyz
  • missimi-fashion.com
  • munixc.info
  • daas.support
  • spaceworbc.com
  • faithtruthresolve.com
  • gymkub.com
  • thegrayverse.xyz
  • artisanmakefurniture.com
  • 029tryy.com
  • ijuubx.biz
  • iphone13promax.club
  • techuniversus.com
  • samrgov.xyz
  • grownupcurl.com
  • sj0755.net
  • beekeeperkit.com
  • richessesabondantes.com
  • xclgjgjh.net
  • webworkscork.com
  • vedepviet365.com
  • bretabeameven.com
  • cdzsmhw.com
  • clearperspective.biz
  • tigrg5g784sh.biz
  • bbezan011.xyz
  • mycar.store
  • mansooralobeidli.com
  • ascensionmemberszoom.com
  • unlimitedrehab.com
  • wozka.top
  • askylarkgoods.com
  • rj793.com
  • prosvalor.com
  • primetimeexpress.com
  • boixosnoisperu.com
  • mmasportgear.com
  • concertiranian.net
  • hyponymys.info
  • maila.one
  • yti0fyic.xyz
  • shashiprayag.com
  • speedprosmotorsports.com

Targets
Target: Statement 12-01-2021.com
Filesize: 552KB
Score: 10/10
MD5 / SHA1 / SHA256 / SHA512: identical to the hashes listed under General above

Signatures
  • Xloader: Xloader is a rebranded version of Formbook malware.
  • Xloader Payload
  • Deletes itself
  • Loads dropped DLL
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
  • static1: score 1/10
  • behavioral1: score 10/10
  • behavioral2: score 10/10