xloader

General

Target

RE New order.exe
Size

774KB
Sample

210420-mjh8mgvmwa
MD5

752c086496f2301ef7e95cc0a710c786
SHA1

9cb8456136462d69dfd073b43707fa9eee7d09a7
SHA256

beb1862a3b194a840605b7f030f0285fff18fadfc4199c3da007f44b7ad19292
SHA512

d9a4a2bce07b613ce55f1cfe085faa5a1381cb0fb60f7d80c0eb7c279bbadb5e2f949adab5ed488ffaf238f5963b3978d4483bca40dac556ccb1aed4f2002a39

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.mipecvinh-heritage.com/bfak/

Decoy

beautifulhairbabe.com

smartlegal.info

posgradeadunica.com

suitefleetdms.com

dlxlcarbon.com

wongtangstore9.host

saintsimonsparkneighborhood.com

racevx.xyz

mooniswap.farm

healthymantra.store

igualandocaminos.com

eclecticblerd.com

reasonofsmilefoundation.com

thechallenge.party

smallbusinessesforgolden.com

yihuyifu.com

escalategear.com

lnanhhealthcareers.com

makeupkacie.com

gccrewauction.com

Targets

- Target
  
  RE New order.exe
- Size
  
  774KB
- MD5
  
  752c086496f2301ef7e95cc0a710c786
- SHA1
  
  9cb8456136462d69dfd073b43707fa9eee7d09a7
- SHA256
  
  beb1862a3b194a840605b7f030f0285fff18fadfc4199c3da007f44b7ad19292
- SHA512
  
  d9a4a2bce07b613ce55f1cfe085faa5a1381cb0fb60f7d80c0eb7c279bbadb5e2f949adab5ed488ffaf238f5963b3978d4483bca40dac556ccb1aed4f2002a39
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2