xloader

General

Target

NEW ORDER INQUIRY_B3003H24 .pdf.exe
Size

847KB
Sample

210422-zxh16kyewn
MD5

bb19727805e0a324459821b815ceedc0
SHA1

1523af27204e8b74622bd02ecf31ee263b3509ce
SHA256

e8a3b52e9b54740b4d20b01aac7d1e77576ae6c23754c775bef7ab48bb494e8a
SHA512

96b294414154fb355df68e26e7bc1ea973062fdd6dcd87a577bba3b1620c6cd03e65108ed6adcd5ae722103c8a70f121ec08890cd17901991d06691a431450ba

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.huamxvcyq.icu/aepn/

Decoy

noesos.com

partsus.xyz

manageordercentersupp.com

wickedwallart.com

hike4cash.com

theviragocircle.com

followthesharks.com

paradisevalleywines.com

unmetrolimpio.com

eurocarsnj.com

alvaroeliseo.com

bfc8.xyz

oldcourts.com

bkpef.info

mammately.com

agentcharles.com

wwwmichiganbulb.com

pensolid.info

hibiscushealthcare.com

mwanakbk.com

Targets

- Target
  
  NEW ORDER INQUIRY_B3003H24 .pdf.exe
- Size
  
  847KB
- MD5
  
  bb19727805e0a324459821b815ceedc0
- SHA1
  
  1523af27204e8b74622bd02ecf31ee263b3509ce
- SHA256
  
  e8a3b52e9b54740b4d20b01aac7d1e77576ae6c23754c775bef7ab48bb494e8a
- SHA512
  
  96b294414154fb355df68e26e7bc1ea973062fdd6dcd87a577bba3b1620c6cd03e65108ed6adcd5ae722103c8a70f121ec08890cd17901991d06691a431450ba
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2