xloader

General

Target

New Order.exe
Size

464KB
Sample

210306-d86dz363l2
MD5

0024d9cde1a84611d54766483e965b83
SHA1

c2510602e2894aeb2882fb88b56b0240b068cbe3
SHA256

505d119d07ae831d54801a1a5c39320ec8bbeec8c4ad81f2b60e12ae25b88f8f
SHA512

88c2cb84c52cb77a97aac1ad6dfa8df7ec5f6ddfaa98151ceff84b8251d6fa35e5a396fd8ad1e64e401e9f2867afb8625fce0c8ae023875172a520014582b918

Score

10^/10

Malware Config

Extracted

Family

xloader

C2

http://www.magentos.info/za004/

Decoy

meihebiotech.com

4clicksecurewipe.com

essentially-best.life

real-castings.com

ivetha.com

hczx618.com

1990sinsertcarddatabase.com

testdrive.digital

johanneroussy.com

lyhyzl.com

ajekj.com

mikima.site

tennisfaction.com

fwril.info

hancockinstituteofjazz.info

nespressoonline.com

zeehostonline.com

academychic.com

1nha.com

moneylinetees.online

Targets

- Target
  
  New Order.exe
- Size
  
  464KB
- MD5
  
  0024d9cde1a84611d54766483e965b83
- SHA1
  
  c2510602e2894aeb2882fb88b56b0240b068cbe3
- SHA256
  
  505d119d07ae831d54801a1a5c39320ec8bbeec8c4ad81f2b60e12ae25b88f8f
- SHA512
  
  88c2cb84c52cb77a97aac1ad6dfa8df7ec5f6ddfaa98151ceff84b8251d6fa35e5a396fd8ad1e64e401e9f2867afb8625fce0c8ae023875172a520014582b918
Score

10^/10

xloader agilenet loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2