xloader

General

Target

SecuriteInfo.com.Variant.Midie.79660.31247.11578
Size

164KB
Sample

210304-yt4rw34q8a
MD5

1da73d4931cd6893f7b9fc765225a62d
SHA1

cdc4992d5e425628b1c12c51d64a9105824bacc5
SHA256

12e42bff4fa377032623342ac1f23a5c87225a40ef8b900cbb06ae4bd203864d
SHA512

fe6d7693e80890b3da7a27d37630d48a4de919b53a8532496fe9c4b66665dde605a46f71d42e228d83fa8d3c92aaadc5a36b50e479f450742ab8a06589820a18

Score

10^/10

Malware Config

Extracted

Family

xloader

C2

http://www.pardsoda.com/w25t/

Decoy

nowayinlocksmith.com

bookaprovider.com

joybirder.com

decoracerrado.com

preciousmonments.com

96kixx.com

parentseducationalco-op.com

cbdandbtc.com

santanadeliciasymas.com

finecharlottehomes.com

themanibox.com

backupasia.com

buffalodetailstore.com

iprdo.com

croce-komeko.com

bluechipsgroup.company

truyencow.com

globalism.online

oicrafts.com

naturalawakeningsprograms.com

Targets

- Target
  
  SecuriteInfo.com.Variant.Midie.79660.31247.11578
- Size
  
  164KB
- MD5
  
  1da73d4931cd6893f7b9fc765225a62d
- SHA1
  
  cdc4992d5e425628b1c12c51d64a9105824bacc5
- SHA256
  
  12e42bff4fa377032623342ac1f23a5c87225a40ef8b900cbb06ae4bd203864d
- SHA512
  
  fe6d7693e80890b3da7a27d37630d48a4de919b53a8532496fe9c4b66665dde605a46f71d42e228d83fa8d3c92aaadc5a36b50e479f450742ab8a06589820a18
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1

T1102

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2