xloader

General

Target

fb6c841478354f42dd2baa5e0b617dff.exe
Size

207KB
Sample

210503-q3tm3axnh2
MD5

fb6c841478354f42dd2baa5e0b617dff
SHA1

c1d1212b6e7cae77ae2d617f461a7d6003cb6c6c
SHA256

b55552391ee123f26e577b412c0df78bd0a59644ec510d1e7e708feff12a2abb
SHA512

49fdaae6792f72de12b4303c4a1874a99e7d1c69bb32cb37d59d9e207e693cdf90612f5ec8278cd7e1cb8c1d1dcd8124b7f66165ed6730ab5c1ec0e8cc8dddb8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.montcoimmigrationlawyer.com/uoe8/

Decoy

chalance.design

certifiedlaywernj.com

bsbgraphic.com

caeka.com

zagorafinancial.com

cvingenieriacivil.net

mojilifenoosa.com

bucktheherd.net

sparkmonic.com

catherineandwilson.com

cdefenders.com

intersp.net

santoriniimpressivetours.net

arkansaspaymentrelief.com

tewab.com

bjzjgjg.com

michgoliki.com

oallahplease.com

plaisterpress.com

redyroblx.com

Targets

- Target
  
  fb6c841478354f42dd2baa5e0b617dff.exe
- Size
  
  207KB
- MD5
  
  fb6c841478354f42dd2baa5e0b617dff
- SHA1
  
  c1d1212b6e7cae77ae2d617f461a7d6003cb6c6c
- SHA256
  
  b55552391ee123f26e577b412c0df78bd0a59644ec510d1e7e708feff12a2abb
- SHA512
  
  49fdaae6792f72de12b4303c4a1874a99e7d1c69bb32cb37d59d9e207e693cdf90612f5ec8278cd7e1cb8c1d1dcd8124b7f66165ed6730ab5c1ec0e8cc8dddb8
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2