xloader

General

Target

RFQ_AP65425652_032421 isu-isu,pdf.exe
Size

388KB
Sample

210408-rzr1sx19te
MD5

98f9ea244308bb5969ea3c302c32efcd
SHA1

82a913894418af7834d23bc543eb286230d4edf4
SHA256

cd292d4cdb5ff8f2de087a09de2a152722d910f1df7ce7b65e6480be9ae77fdf
SHA512

c300afa9a46ca0c9d12c395c90c7bcd1950513780d4fd3775525a4f431319e16504ee3ee2411050a48810b94eb29f3c9ee84ad8c6efd2460280c7091a5923847

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.luegomusic.com/pe0r/

Decoy

quickeasybites.com

idilecup.com

atelierdusalon.com

tigerking-safe.com

goinyourstrength.com

ssfgasia.com

halmanseger.com

hpcovn.com

thegodfatherricedealer.com

hzmsbg.com

trickswithwix.com

rbvctiu.com

spystoredevices.com

monlexiem.com

apt-forward.com

medsez.cloud

nanantz.com

kf350.com

ztvwgqjya.com

countingeverything.com

Targets

- Target
  
  RFQ_AP65425652_032421 isu-isu,pdf.exe
- Size
  
  388KB
- MD5
  
  98f9ea244308bb5969ea3c302c32efcd
- SHA1
  
  82a913894418af7834d23bc543eb286230d4edf4
- SHA256
  
  cd292d4cdb5ff8f2de087a09de2a152722d910f1df7ce7b65e6480be9ae77fdf
- SHA512
  
  c300afa9a46ca0c9d12c395c90c7bcd1950513780d4fd3775525a4f431319e16504ee3ee2411050a48810b94eb29f3c9ee84ad8c6efd2460280c7091a5923847
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2