xloader

General

Target

RFQ_R4100131210.pdf.exe
Size

624KB
Sample

210420-22fhrzedge
MD5

c27bd99ca5f928a3bec7a716bd27d289
SHA1

f6ac29d30ec60cd1429bc2e31c85c8eda0bc871e
SHA256

414d26c286eeeda12cc3705aa3ed2ae06e901dc09795434e6abe4389f31c1e8e
SHA512

6cddff9fe566341de45813809e3435225fbdd75ecc73adfd630e832cb55444841a5c7bb9ec0c401d7f12eaa658032479405811bb2b7389527b14e6330327af7a

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.huamxvcyq.icu/aepn/

Decoy

noesos.com

partsus.xyz

manageordercentersupp.com

wickedwallart.com

hike4cash.com

theviragocircle.com

followthesharks.com

paradisevalleywines.com

unmetrolimpio.com

eurocarsnj.com

alvaroeliseo.com

bfc8.xyz

oldcourts.com

bkpef.info

mammately.com

agentcharles.com

wwwmichiganbulb.com

pensolid.info

hibiscushealthcare.com

mwanakbk.com

Targets

- Target
  
  RFQ_R4100131210.pdf.exe
- Size
  
  624KB
- MD5
  
  c27bd99ca5f928a3bec7a716bd27d289
- SHA1
  
  f6ac29d30ec60cd1429bc2e31c85c8eda0bc871e
- SHA256
  
  414d26c286eeeda12cc3705aa3ed2ae06e901dc09795434e6abe4389f31c1e8e
- SHA512
  
  6cddff9fe566341de45813809e3435225fbdd75ecc73adfd630e832cb55444841a5c7bb9ec0c401d7f12eaa658032479405811bb2b7389527b14e6330327af7a
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2