xloader

General

Target

PO#10244.exe
Size

717KB
Sample

210430-3t7954f9hj
MD5

c4192fc5d072aff733b9c9e3b5d165da
SHA1

2c4e6cae1c3ef562452cc4e6caebd6f5511bc11a
SHA256

a42564801d666f9a210723ee247df72d71d93274e7556920957d5a98b237ab2c
SHA512

c59d51540089ddd00309e328620f11386326c1687a8f2e2318e42f2fbda93d66a0153d5493971ce7eee8f624a61ef52295e729438f1d41289a393ada9f4b3613

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.hysjs168.com/uv34/

Decoy

lattakia-imbiss.com

helenafinaltouch.com

yogamays.com

habangli.com

embraceblm.com

freeurlsite.com

szxanpet.com

inspirationalsblog.com

calibratefirearms.net

chelseashalza.com

ihdeuruim.com

symbolofsafety.com

albanyhumanesociety.net

exclusiveoffer.bet

888yuntu.com

maraitime.com

caletaexperience.com

dreamlikeliving.com

wolvesmito.club

zbyunjin.com

Targets

- Target
  
  PO#10244.exe
- Size
  
  717KB
- MD5
  
  c4192fc5d072aff733b9c9e3b5d165da
- SHA1
  
  2c4e6cae1c3ef562452cc4e6caebd6f5511bc11a
- SHA256
  
  a42564801d666f9a210723ee247df72d71d93274e7556920957d5a98b237ab2c
- SHA512
  
  c59d51540089ddd00309e328620f11386326c1687a8f2e2318e42f2fbda93d66a0153d5493971ce7eee8f624a61ef52295e729438f1d41289a393ada9f4b3613
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2