tmp

General

Target: tmp
Size: 257KB
Sample: 220514-r648zacfgm
Score: 10/10
MD5: de76ef6a11a63efc00b0303888bc0b7f
SHA1: 7ab24456a49f6b61bc54d20a4d9c0b84f3ae696b
SHA256: fc6ebe8bc215a292bb3df340a84350ceb2be7187efc8e10381235cfa8d82f734
SHA512: 51a5cf0f640d922ec0d8bf5ba3fcc06b6278e3ac45f07190710c5055a23102a614443641d8b6617775d5a786ccb1e9d10404dfa0e146e6c8ec3481c616214d99

Malware Config

Extracted

Family: xloader
Version: 2.6
Campaign: nc39
Decoy domains:

  • bohicaapparel.com
  • chilliesofwoodstock.com
  • szcipa.com
  • nirmalaswagruhafoods.com
  • orbitas.online
  • bjvxx.com
  • atomvpn.site
  • thecanvacoach.com
  • thewhitelounge.com
  • trwebz.xyz
  • yiwanggkm.com
  • maggiceden-io.com
  • kimyanindelisi.online
  • xn--e02b19uo0j.com
  • kaola74.top
  • klcsales.net
  • renacerdevteam.com
  • talkmoor.com
  • seobusinesslistings.com
  • contractornurd.com
  • wolksquit.com
  • hamiltonspringfield.com
  • skinclash.com
  • d-web.net
  • tige03.xyz
  • thereeldecoy.com
  • dutyapparel.com
  • vicentedotorarquitectos.com
  • bensdrywall.com
  • domainnetwoks.com
  • incorrectbenevolence.com
  • ramvadher.space
  • dbluvt.xyz
  • laps-clicks.com
  • thewattelectric.com
  • fogpromo.com
  • ibcfitting.com
  • get25000today.com
  • do-hobbies-indoors.com
  • marmagdistribuciones.com
  • newworldtongpaihotels.net
  • 3astratford.com
  • tocarrythemessage.com
  • 57shasha.club
  • 117colgett.com
  • captainnoclue.com
  • rapejesus.site
  • grandas-svoboda.com
  • apartmentpermis.com
  • greatco.biz

Targets

Target: tmp
Filesize: 257KB
Score: 10/10
MD5: de76ef6a11a63efc00b0303888bc0b7f
SHA1: 7ab24456a49f6b61bc54d20a4d9c0b84f3ae696b
SHA256: fc6ebe8bc215a292bb3df340a84350ceb2be7187efc8e10381235cfa8d82f734
SHA512: 51a5cf0f640d922ec0d8bf5ba3fcc06b6278e3ac45f07190710c5055a23102a614443641d8b6617775d5a786ccb1e9d10404dfa0e146e6c8ec3481c616214d99
Tags: (none)

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)
    Description: suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Xloader Payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1 (score 10/10)
  • behavioral2 (score 10/10)