xloader

General

Target

PO.exe
Size

529KB
Sample

210412-7f6kcpterj
MD5

4bb710142c4fa183e24dbd3ce3c7b51d
SHA1

64a659096deda60c37861ddc0d26d3bfb11cc0c7
SHA256

4903d25c490e1b6c899c4fb9d3d3eb16d79c802245d4c2b667ff06f42724e358
SHA512

7b157763a01bcfba0a66d026af138209a2b3fccd955e789158d39a5e4738491f8146c1894aceabae42e7e064b02314f098ea52351dcbd2f66feed2b8ee6acc35

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.retro-e-scooter.com/sawc/

Decoy

prozedere.com

p53mutation.net

sidepiecebags.com

5865145.com

hushadianji.com

riseses.com

curvywahinemaui.com

marienish.com

tenxtimes.net

xcusehheseje.com

tjtradelimited.com

mitraberdaya.com

koedk.com

currenibtc.com

casa-rural-via.com

prcodes.xyz

brandariz.net

mcsc.club

curiget.xyz

juli.world

Targets

- Target
  
  PO.exe
- Size
  
  529KB
- MD5
  
  4bb710142c4fa183e24dbd3ce3c7b51d
- SHA1
  
  64a659096deda60c37861ddc0d26d3bfb11cc0c7
- SHA256
  
  4903d25c490e1b6c899c4fb9d3d3eb16d79c802245d4c2b667ff06f42724e358
- SHA512
  
  7b157763a01bcfba0a66d026af138209a2b3fccd955e789158d39a5e4738491f8146c1894aceabae42e7e064b02314f098ea52351dcbd2f66feed2b8ee6acc35
Score

10^/10

xloader agilenet loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2