xloader

General

Target

9b8e02c9169932cb809300c4dff5afc240aba4d5a87264f0f7123314345c6248.exe
Size

218KB
Sample

210306-k1c5nw5frs
MD5

4e38f139a12a838dbde332c9d6285d2f
SHA1

d9870967a42b9f754faf19c729fe5cfe1429556f
SHA256

9b8e02c9169932cb809300c4dff5afc240aba4d5a87264f0f7123314345c6248
SHA512

ab87a3301375a7ad63db3bc9d1904118fc82a206eeeef86596e760dcd7d7c09cd93fe672fe11f0a47110d413ad7fefc26819dde9aee672edd482a87e5104bb73

Score

10^/10

Malware Config

Extracted

Family

xloader

C2

http://www.fountainhead410.com/jzvu/

Decoy

rezabird.com

amthebomb.com

cqfsc.net

scottgesslerdesign.com

australianhempco.com

digitalkn.com

theoneandonlytattoostudio.com

chaing-list.xyz

technicaljanu.com

tigerkid.net

mels.ink

adassadelacruz.com

deep-freezers.xyz

kundanbangles.com

88840678.com

xiaonaphotography.online

john-heer-stuttgart.com

gumrukihalesi.com

veekasdoshi.com

purathanam.com

Targets

- Target
  
  9b8e02c9169932cb809300c4dff5afc240aba4d5a87264f0f7123314345c6248.exe
- Size
  
  218KB
- MD5
  
  4e38f139a12a838dbde332c9d6285d2f
- SHA1
  
  d9870967a42b9f754faf19c729fe5cfe1429556f
- SHA256
  
  9b8e02c9169932cb809300c4dff5afc240aba4d5a87264f0f7123314345c6248
- SHA512
  
  ab87a3301375a7ad63db3bc9d1904118fc82a206eeeef86596e760dcd7d7c09cd93fe672fe11f0a47110d413ad7fefc26819dde9aee672edd482a87e5104bb73
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2