xloader

General

Target

SecuriteInfo.com.Trojan.Win32.Save.a.6339.10816
Size

2.0MB
Sample

210502-fph68s2txs
MD5

9597713af0d2566f6e3186196d31e520
SHA1

29d71fdcf9bf142da347470cbf0eae90b352dd7d
SHA256

f3c279e61de77236f3390c91dee09f02aa01974e14e429426fa174e0ff8a7512
SHA512

593e4ac84836db4462cafd1420cc2d5944207e518b64be801acec98ad17d441bcac16c06784894ade681d63ef4140b1098d257fd06f6ae21c39819101d1453ed

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.jqjdgw.com/ued5/

Decoy

italiancosmeticbeauty.com

zhima7.com

phresheffect.com

comp-savvy.net

xjhtcaum.com

copperbrassgermkey.com

smero.financial

opticsoptimum.com

pisanosportpraxis.com

pediatricfeedrates.com

binsogleam.com

sarahseatter.com

wywatershed.com

smellyhomeshop.com

naviorchidlife.com

cunerier.com

thecornercomputers.com

brightwoodcollection.com

taxprep-repsolutions.net

phukien4u.net

Targets

- Target
  
  SecuriteInfo.com.Trojan.Win32.Save.a.6339.10816
- Size
  
  2.0MB
- MD5
  
  9597713af0d2566f6e3186196d31e520
- SHA1
  
  29d71fdcf9bf142da347470cbf0eae90b352dd7d
- SHA256
  
  f3c279e61de77236f3390c91dee09f02aa01974e14e429426fa174e0ff8a7512
- SHA512
  
  593e4ac84836db4462cafd1420cc2d5944207e518b64be801acec98ad17d441bcac16c06784894ade681d63ef4140b1098d257fd06f6ae21c39819101d1453ed
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2