xloader

General

Target

don.exe
Size

207KB
Sample

210503-vj4ktrq3ss
MD5

6ca72f0ceaf0d1f582856ceeff594c1d
SHA1

c174f3350fb589beea7759eade0f5be0d7959d2c
SHA256

7e9997ea452090062e0512decd987ccd4ad16cc04d8bea777a4c8929b5ba85aa
SHA512

3018288f3125203a8d71b20a962ec672e3b256b4ce30b85dbe155e81355570d1803e72b10c2a8c1f0a34a984eb1ec1adfd7db5a2ca873a654564ae654f9e700f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.montcoimmigrationlawyer.com/uoe8/

Decoy

chalance.design

certifiedlaywernj.com

bsbgraphic.com

caeka.com

zagorafinancial.com

cvingenieriacivil.net

mojilifenoosa.com

bucktheherd.net

sparkmonic.com

catherineandwilson.com

cdefenders.com

intersp.net

santoriniimpressivetours.net

arkansaspaymentrelief.com

tewab.com

bjzjgjg.com

michgoliki.com

oallahplease.com

plaisterpress.com

redyroblx.com

Targets

- Target
  
  don.exe
- Size
  
  207KB
- MD5
  
  6ca72f0ceaf0d1f582856ceeff594c1d
- SHA1
  
  c174f3350fb589beea7759eade0f5be0d7959d2c
- SHA256
  
  7e9997ea452090062e0512decd987ccd4ad16cc04d8bea777a4c8929b5ba85aa
- SHA512
  
  3018288f3125203a8d71b20a962ec672e3b256b4ce30b85dbe155e81355570d1803e72b10c2a8c1f0a34a984eb1ec1adfd7db5a2ca873a654564ae654f9e700f
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2