xloader

General

Target

ادائیگی کی کاپی 02604021.exe
Size

651KB
Sample

210426-57fhrl6kan
MD5

ca2ef02d49dbcfcb00c8c52003404fff
SHA1

4f1d328e01db016d4b66ffd6cfacf2ae31604f95
SHA256

bcf09c801e101acbaa20ef272f86c7eac2c311bf20c6a5b6e245fc0b92be576e
SHA512

3370b3e40fe7fb06a7456fd0a23691cd922e5a34f37a16275990db3d838c587aba19ec744cf4894a4614660489c9ae22fda876b2f1711d2ea36ce40adb8bb699

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.dailand-photography.com/i8ge/

Decoy

inthe.press

washabsorber.com

zjsjmm.com

systematicrisk7.com

362wy.com

isitcss3.com

citestkotimiri12.com

interviewpeeks.com

xiongmao30.icu

locatelucy.com

redeye-tech.com

szymmusic.com

celebrationordinance.life

studybyyou.com

desa88.com

crt.cool

niotrucks.com

logisdelagibouliere.com

baylg.com

top7pro.online

Targets

- Target
  
  ادائیگی کی کاپی 02604021.exe
- Size
  
  651KB
- MD5
  
  ca2ef02d49dbcfcb00c8c52003404fff
- SHA1
  
  4f1d328e01db016d4b66ffd6cfacf2ae31604f95
- SHA256
  
  bcf09c801e101acbaa20ef272f86c7eac2c311bf20c6a5b6e245fc0b92be576e
- SHA512
  
  3370b3e40fe7fb06a7456fd0a23691cd922e5a34f37a16275990db3d838c587aba19ec744cf4894a4614660489c9ae22fda876b2f1711d2ea36ce40adb8bb699
Score

10^/10

xloader agilenet loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2