xloader

General

Target

QUOTATION REQUEST.exe
Size

728KB
Sample

210503-pkbhn7gghe
MD5

64af41000584694858d0fcc37b1bf69b
SHA1

707c77c61fafdd736c1e02bfdbc8ce7ce24cc759
SHA256

fea7b692b71803eb020f04ec1a5f8118f5845910d9677fdb4636d9a7d209d0fa
SHA512

dff4927081ff280eb4e707660c596adfbf8ada0f02cdbf8dd2414cb368b8036708558e854b892eda7dc0049c11df6ff1044cb0ec7c9ae9a32851ba3790fd7177

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.pedroiniesta.net/n7ad/

Decoy

orchardevent.com

inthebeginningshop.com

keodm.com

hangthejury.com

cannabisllp.com

letsratethis.com

milanfashionperu.com

adcvip.com

professionalcprclasses.com

checkmytradesmanswork.com

sloanksmith.com

apnajamshedpur.com

665448.com

zryld.com

cabot.city

graet.design

furbabiesandflowers.com

silkisensations.com

sawubonastore.com

screenwinz18.com

Targets

- Target
  
  QUOTATION REQUEST.exe
- Size
  
  728KB
- MD5
  
  64af41000584694858d0fcc37b1bf69b
- SHA1
  
  707c77c61fafdd736c1e02bfdbc8ce7ce24cc759
- SHA256
  
  fea7b692b71803eb020f04ec1a5f8118f5845910d9677fdb4636d9a7d209d0fa
- SHA512
  
  dff4927081ff280eb4e707660c596adfbf8ada0f02cdbf8dd2414cb368b8036708558e854b892eda7dc0049c11df6ff1044cb0ec7c9ae9a32851ba3790fd7177
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2