xloader

General

Target

PI_ANTAI_PosMAC_30MT_(20210223-ANT-POSMAC)_BALANCE.exe
Size

298KB
Sample

210503-hs6cjghspa
MD5

ebd5af0375f296ad5896edaea4c31cfc
SHA1

78abada0857950b0ff101ff9822ed18c233047d3
SHA256

cdbc397f34c7b2bb13f08d7444e5d4eac9f9d1205eaf1b3a720c51ab76767d1e
SHA512

721095e041024b636b33f506ccd048ee384cf0a2280d0a949d394db0eb48f2cd2a6336fb993ade38c3c5f17448b6dabdc1d63e24c52ce77b8d76fd6c4602d8de

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.856379977.xyz/e2ci/

Decoy

payee-authorisation-3757.info

saatgaming.com

ryngltd.com

investmentbritish.site

pvsid.com

schuhenmall.com

tc1k.com

laasyaventures.com

xn--m1b3dhzlbde9b5eyap4fzd.com

bestsyst.com

mebauhanhphuc.com

studioachtsamkeit.com

magnoliarealtygranbury.house

joshcimbron.com

igaku.info

bjkhd.com

comfydawg.com

magnoliagroveapartments.com

jewelzbyl.com

qmqpe.com

Targets

- Target
  
  PI_ANTAI_PosMAC_30MT_(20210223-ANT-POSMAC)_BALANCE.exe
- Size
  
  298KB
- MD5
  
  ebd5af0375f296ad5896edaea4c31cfc
- SHA1
  
  78abada0857950b0ff101ff9822ed18c233047d3
- SHA256
  
  cdbc397f34c7b2bb13f08d7444e5d4eac9f9d1205eaf1b3a720c51ab76767d1e
- SHA512
  
  721095e041024b636b33f506ccd048ee384cf0a2280d0a949d394db0eb48f2cd2a6336fb993ade38c3c5f17448b6dabdc1d63e24c52ce77b8d76fd6c4602d8de
Score

10^/10

xloader loader rat
- Suspicious use of NtCreateProcessExOtherParentProcess
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateProcessExOtherParentProcess

Xloader Payload

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2