xloader

General

Target

74ed218c_by_Libranalysis
Size

775KB
Sample

210503-bgwhjav8hx
MD5

74ed218c2c421e3978445a1edbe40a08
SHA1

16d950eae07654c9805d4476928c4c8d7d12fcc1
SHA256

b32ad3bf2b79e411ca0450c1d5430d12c9bb73c269e0838ee512bc816fcce3b7
SHA512

0cb4af6ad1434d4140d0e055fc77de2543c9ea9babe077de27184b1628cbdc8f32530c5f0c2f4b3e1199459c0521e67415421525070c0870e75dc09105bf94d6

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.cats16.com/8u3b/

Decoy

pipienta.com

wisdomfest.net

jenniferreich.com

bigcanoehomesforless.com

kayandbernard.com

offerbuildingsecrets.com

benleefoto.com

contactlesssoftware.tech

statenislandplumbing.info

lifestylemedicineservices.com

blazerplanning.com

fnatic-skins.club

effectivemarketinginc.com

babyshopit.com

2000deal.com

k12paymentcemter.com

spwakd.com

lesreponses.com

abundando.com

hawkspremierfhc.com

Targets

- Target
  
  74ed218c_by_Libranalysis
- Size
  
  775KB
- MD5
  
  74ed218c2c421e3978445a1edbe40a08
- SHA1
  
  16d950eae07654c9805d4476928c4c8d7d12fcc1
- SHA256
  
  b32ad3bf2b79e411ca0450c1d5430d12c9bb73c269e0838ee512bc816fcce3b7
- SHA512
  
  0cb4af6ad1434d4140d0e055fc77de2543c9ea9babe077de27184b1628cbdc8f32530c5f0c2f4b3e1199459c0521e67415421525070c0870e75dc09105bf94d6
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2