xloader

General

Target

f7ab1c6e6623676d14665c84fdc9aee4.exe
Size

217KB
Sample

210305-gnmnlrlrps
MD5

f7ab1c6e6623676d14665c84fdc9aee4
SHA1

6d5b39ada2ead78c8977cb917cfee6e83180116f
SHA256

e6e9f774351440aef9b0b309282155ad0258f6e97da820170384454711e4bef8
SHA512

71239d2d161879d13053f3512a57a84fd9a86e907874075a7f6f143e6b96b0f64c5e933a4fb15d7deb4c3723ca8d1856723b7d8efa82ced17879f7f30c6483cf

Score

10^/10

Malware Config

Extracted

Family

xloader

C2

http://www.856380692.xyz/nsag/

Decoy

usopencoverage.com

5bo5j.com

deliveryourvote.com

bestbuycarpethd.com

worldsourcecloud.com

glowtheblog.com

translations.tools

ithacapella.com

machinerysubway.com

aashlokhospitals.com

athara-kiano.com

anabittencourt.com

hakimkhawatmi.com

fashionwatchesstore.com

krishnagiri.info

tencenttexts.com

kodairo.com

ouitum.club

robertbeauford.net

polling.asia

Targets

- Target
  
  f7ab1c6e6623676d14665c84fdc9aee4.exe
- Size
  
  217KB
- MD5
  
  f7ab1c6e6623676d14665c84fdc9aee4
- SHA1
  
  6d5b39ada2ead78c8977cb917cfee6e83180116f
- SHA256
  
  e6e9f774351440aef9b0b309282155ad0258f6e97da820170384454711e4bef8
- SHA512
  
  71239d2d161879d13053f3512a57a84fd9a86e907874075a7f6f143e6b96b0f64c5e933a4fb15d7deb4c3723ca8d1856723b7d8efa82ced17879f7f30c6483cf
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2