xloader

General

Target

MV. Ever Reliance 009423578- doc.gz
Size

201KB
Sample

210420-18vqkb1blj
MD5

10c4c5d288d6eb4c228beae137ee9024
SHA1

692daa8f137cf12a8b368dcca189661d9a6f79e3
SHA256

7e24ceac271965bb0c5bca152b1dc64a41a6b540b985edc13c271a6ade9f565d
SHA512

49d3cdcd57262ca47ad2242b4dedf34dc01b599ac25cf043a9bb9bd54d949fdcc6d4522dd347caee252dd5dbdf2ed3c9411eaecde8bf0a2bb0572461aedf87f3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.cheristolentino.com/uwec/

Decoy

verasalt.com

unitewealth.com

alkermeswebcastnovember24.com

titanbrewkit.com

existencerecords.com

fernandelightful.com

solitdude.com

kingstaxserviceoffortpierce.com

rawboyfriends.com

xn--0xv382difa.com

tiffanymcolston.com

jointeammaverick.com

customwoodworksa.com

hospitaldeanimales.com

resolviendomatematicas.com

naukrismartjob.info

agenciacolman.com

mercadowalton.com

kmediamarketing.net

switcheo.finance

Targets

- Target
  
  MV. Ever Reliance 009423578- doc.exe
- Size
  
  213KB
- MD5
  
  b68c8572fc65c506e786c88003bb03da
- SHA1
  
  c3a4b17f8776d85302a965edb641cb95d1d7ea51
- SHA256
  
  37b9a3cdfa840380274e8b72280b489b4e8508faa89d1c963ba9977176e7fb8b
- SHA512
  
  db98ca6dabdc4189a8e579834e124478b93a77826cdb126fb34108d89a56b5c0f788c2e24426ebc2a8f6f930fe7ed65338d554be90d06d9b4171bc26114715c9
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2