xloader

General

Target

Airwaybill # 6913321715.exe
Size

731KB
Sample

210503-ntgg839wjj
MD5

ec688da75f5a09380ed742dd9588a371
SHA1

c4b3a08c2c06fc6f9a0fadd3372d34f4d2124223
SHA256

e0f93dc02d0e89dd09178d7bdae7aeb74338d7f2e3678d7be4e975256dde69ae
SHA512

40a03b0ed8bbcde43e99cf8942f24678fabf6e368e480ea2aa641e60fd2be65e3c193244b83ab7ad763636643b75f35bebf6b2211c0c8ec11e647f6f6ca89f11

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.2ndschool-smilekids.com/8njn/

Decoy

856379832.xyz

thesnehaskitchen.com

httzi.com

kroyalefamily.com

michgoliki.com

wyzbank.mobi

coachingco-op.com

022892.com

vr561.com

digitalclientexperiences.com

pagingfun.com

forlitecnica.com

rodeowyo.com

jkxxm.com

rekainc.site

mi-atelier.com

meatoys.com

justinstable.com

ripepeach.net

bodrope.com

Targets

- Target
  
  Airwaybill # 6913321715.exe
- Size
  
  731KB
- MD5
  
  ec688da75f5a09380ed742dd9588a371
- SHA1
  
  c4b3a08c2c06fc6f9a0fadd3372d34f4d2124223
- SHA256
  
  e0f93dc02d0e89dd09178d7bdae7aeb74338d7f2e3678d7be4e975256dde69ae
- SHA512
  
  40a03b0ed8bbcde43e99cf8942f24678fabf6e368e480ea2aa641e60fd2be65e3c193244b83ab7ad763636643b75f35bebf6b2211c0c8ec11e647f6f6ca89f11
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2