xloader

General

Target

SecuriteInfo.com.Trojan.GenericKDZ.74423.1321.32346
Size

331KB
Sample

210420-2z2blqrpg2
MD5

a5c974a5617823b3de03e26b469ad47d
SHA1

197b391fcd3b7b41e07f819535691405194fe2a4
SHA256

a3ae710cb1edbfd1f9cc33ab53ffddd288646a040118b2bc252cc6ac070a8308
SHA512

b660fab41fadc6497216ef3f0e3750f153f5f59f5dba0e30c60afba731b368b65d18576f1f5ca8ef10b52df97423f9addf1d1f9fd296d779c0d8d51e968ae4d1

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.nyclgbxyi.icu/u6nq/

Decoy

lamailefr.com

creativesword.com

mpconnextions.com

tureture-diary.net

ateamtotalcare.com

ihealthsauna.com

contex33.xyz

hotege.club

candiceco.com

southerntwistent.com

foivgohl.com

azetheelynn.art

galsmith.com

alphaquantumfunds.site

mursiony.club

ajobfit.com

resourceunits.com

metropolitanez.net

shaohuizq.com

tedbagsstore.com

Targets

- Target
  
  SecuriteInfo.com.Trojan.GenericKDZ.74423.1321.32346
- Size
  
  331KB
- MD5
  
  a5c974a5617823b3de03e26b469ad47d
- SHA1
  
  197b391fcd3b7b41e07f819535691405194fe2a4
- SHA256
  
  a3ae710cb1edbfd1f9cc33ab53ffddd288646a040118b2bc252cc6ac070a8308
- SHA512
  
  b660fab41fadc6497216ef3f0e3750f153f5f59f5dba0e30c60afba731b368b65d18576f1f5ca8ef10b52df97423f9addf1d1f9fd296d779c0d8d51e968ae4d1
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2