xloader

General

Target

transferir copia_03_05.exe
Size

823KB
Sample

210306-b49be6eqax
MD5

4f1a54809ac8e534239bade40b46bfab
SHA1

cc4ae9e1888fa1071fcccc56f8e46253bd00b99a
SHA256

3488d309b21afbc3b481320bcf1209908813e2eb8a63df772f740426034b9958
SHA512

d13542d590ec6482f6c0bbbbf6d504f39c64fd28f8e32ebb239a33193c0afe4cd4e938ca6a966e115aeaa92e21b0581d32cf8a736e764d66b237d573e303a705

Score

10^/10

Malware Config

Extracted

Family

xloader

C2

http://www.basiclablife.com/8zdn/

Decoy

yourherogarden.net

onlineharambee.net

cerrajeriaurgencias24horas.com

distritoforex.com

verifyclientserverssr.com

dandwg.com

co2-zero.global

joshssl.com

meckwt.com

theammf.com

rawclectic.com

gzgnetwork.com

richmondavenuecoc.com

nicolelyte.com

thetinyclosetboutique.com

llt-group.net

seven-sky-design.com

joganifinancialgrp.com

elementsvapes.com

bingent.info

Targets

- Target
  
  transferir copia_03_05.exe
- Size
  
  823KB
- MD5
  
  4f1a54809ac8e534239bade40b46bfab
- SHA1
  
  cc4ae9e1888fa1071fcccc56f8e46253bd00b99a
- SHA256
  
  3488d309b21afbc3b481320bcf1209908813e2eb8a63df772f740426034b9958
- SHA512
  
  d13542d590ec6482f6c0bbbbf6d504f39c64fd28f8e32ebb239a33193c0afe4cd4e938ca6a966e115aeaa92e21b0581d32cf8a736e764d66b237d573e303a705
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2