xloader

General

Target

PO45937008ADENGY.exe
Size

110KB
Sample

210408-smw9acqb16
MD5

47ebf3893d8d6db4add1b87ad75495e4
SHA1

a90970359da16dfbcf89648f7a38fb75707181b3
SHA256

ee54b187c42f159bfba469c4b8c5ba0a85afeb802ea7eacaf400ccb38f7183af
SHA512

af3761d653503d2a4875297ff883d1e2a6114a8fbb77123929f1f7c4c1c974e7939d0382fdee8b01a80de5c0fa6edbe7c730ad17230d4f3fd100357c0166705c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.hnchotels.com/mb7q/

Decoy

thezensub.com

wapedir.com

itt.xyz

mindframediscovery.com

sitesolved.net

beyju.store

belatopapparel.xyz

ridgefitct.com

huanb.com

brustwarzentattoo.com

jlasoluciones.club

sinoagrifcf.com

theskineditco.com

ccsdinstructer.com

wealththinker.com

pradnyanamaya.com

szmsbk.com

meezingo.com

ivyshermanboutique.com

tkbeads.com

Targets

- Target
  
  PO45937008ADENGY.exe
- Size
  
  110KB
- MD5
  
  47ebf3893d8d6db4add1b87ad75495e4
- SHA1
  
  a90970359da16dfbcf89648f7a38fb75707181b3
- SHA256
  
  ee54b187c42f159bfba469c4b8c5ba0a85afeb802ea7eacaf400ccb38f7183af
- SHA512
  
  af3761d653503d2a4875297ff883d1e2a6114a8fbb77123929f1f7c4c1c974e7939d0382fdee8b01a80de5c0fa6edbe7c730ad17230d4f3fd100357c0166705c
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2