xloader

General

Target

91523f8d438585534d9466432cc4665d.exe
Size

201KB
Sample

210408-4rzvmbrt36
MD5

91523f8d438585534d9466432cc4665d
SHA1

e34b69f0ded056eca7dd43b8f5be2edf7198c211
SHA256

b5e3426a888ddb5751f9802093f1bd10ec696b2994bee03b99b7ba2b4f21a57d
SHA512

e8035c994acd9e46738b87eae25248df1548f8782d7475b4e9d362b68362ce62962780e46be0e054b9645d1be4e1eea8c93096f8e90bcb179040b5014eeec77b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.simplyhealrhcareplans.com/sqra/

Decoy

edwardjonescredticard.com

muzhskoy-eskort.site

home-sou.com

entohops.com

orchidandiris.com

kellnetworks.com

shopthen2.site

jimmysga.com

carobbella.com

fenuadiscovery.com

huongdandidong.com

greenesgoodies.com

socialunified.com

azure-vs-google.cloud

bardototonho.com

anadelalastra.art

godseyepiece.com

18082020.com

3559044.com

hvacservicecoldwater.com

Targets

- Target
  
  91523f8d438585534d9466432cc4665d.exe
- Size
  
  201KB
- MD5
  
  91523f8d438585534d9466432cc4665d
- SHA1
  
  e34b69f0ded056eca7dd43b8f5be2edf7198c211
- SHA256
  
  b5e3426a888ddb5751f9802093f1bd10ec696b2994bee03b99b7ba2b4f21a57d
- SHA512
  
  e8035c994acd9e46738b87eae25248df1548f8782d7475b4e9d362b68362ce62962780e46be0e054b9645d1be4e1eea8c93096f8e90bcb179040b5014eeec77b
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2