xloader

General

Target

QUOTE B1020363.PDF.gz
Size

493KB
Sample

210421-pzcx9d71d2
MD5

adfcfecea283e97f3cda3be4baffa7e9
SHA1

9fc3c788072d7c18f798088fd0936998035747b4
SHA256

104f4489ec8b1b693b839dc39082f5f07e569be7728dbd3e0d8172a76f6dce68
SHA512

3bc4cda1157b2773b26b45f138061da0123b4111d457a801015d18fc30d86db80ded5f4b3c0804c02de55684cde935bc53802e8388b86986d350c16d8e98ab7b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.huamxvcyq.icu/aepn/

Decoy

noesos.com

partsus.xyz

manageordercentersupp.com

wickedwallart.com

hike4cash.com

theviragocircle.com

followthesharks.com

paradisevalleywines.com

unmetrolimpio.com

eurocarsnj.com

alvaroeliseo.com

bfc8.xyz

oldcourts.com

bkpef.info

mammately.com

agentcharles.com

wwwmichiganbulb.com

pensolid.info

hibiscushealthcare.com

mwanakbk.com

Targets

- Target
  
  QUOTE B1020363.PDF.exe
- Size
  
  598KB
- MD5
  
  ecc182f3b2feaedcd32a97c51f01f652
- SHA1
  
  2c5b57854e772c72f3410d3ee3a29e19b654af1d
- SHA256
  
  cc58e505c504c770a1031d30453615f7748b0618b872655ac79a059a072c194c
- SHA512
  
  a593ae7b7d81499589722f5b420d645a25b030c264b9ef490016cb7b9e6845cf674b0d25371670c8fef86b54b7716e3f34b70e44b7b084535d8963580e88050d
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2