xloader

General

Target

dhl-S3FUB.7z
Size

207KB
Sample

210304-ytrzsh1s2j
MD5

7bd8fbf0e5a8f8988d8c874abf10f941
SHA1

ddf51b7e1a45f35b5fe25fead4bc7b0e7b5a558a
SHA256

7f7ba47b4b075164bdaa25c2a26a4b2fe2f1f7b5fa76a5912f108db492d616b8
SHA512

ac5d212f495971d9bef10f551e852ca6c058657a9e32c9f2dbfaaf65eae65710a596a5dc9ac5814e2193b66e8bbe054554a3d4840e16e51360fde38d3332782e

Score

10^/10

Malware Config

Extracted

Family

xloader

C2

http://www.injectionhub.com/nppk/

Decoy

jwfbc.com

thebroncooutfitters.com

andaplafonpadang.com

zixi20.com

lanzhoubuxiugang.com

saielectronicsonline.com

amazonishop.com

theblindshops.com

polyanom.com

stunningsinglemama.com

softfsafawt.site

fuyunniu.com

choose-deal.com

pornstarpimp.com

hairthatshappy.com

one-etz.com

sharonbrandman.com

servidordigital.company

don-dejohn.com

malaysianwhitecoffee.com

Targets

- Target
  
  jabastin.exe
- Size
  
  219KB
- MD5
  
  bf2280363178076f4f5e4f6b1560c4bb
- SHA1
  
  8cff680cbc56da797f68e234901b16a8067abbd8
- SHA256
  
  c0c03ed0990ed10f1f253b8db22d6126a344388797b920909c64f5307c42da40
- SHA512
  
  b2b652de7fa1341d8b868c7d995a2713e25184cc12255dc9831ca6d4b04a60d060ecd1b9364deed565114906fae423bd36f4c43182d4215d3505a9f69253aee9
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2