xloader

General

Target

Lancopdf.iso
Size

306KB
Sample

210504-4kfre12qy6
MD5

1ad4f36b3b11dbbde0e6d905898726dc
SHA1

e3d0d30cd7396bc2d0242b719880b3859e9e6d9a
SHA256

7647af23ff3154b3cab47d0ad05f1c9ee4779f8bd862ef6a4e19d4b70185c5c3
SHA512

e0e083a929b78cfb0a40f996ef54cea107de0519e908302a60189d9c96d490c81b4441acffab6dfe3bc3eca3626664e05fc038c419a18e65e1c66e559920ea64

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.buymobilia.com/ugtw/

Decoy

keystohumanconnection.com

kba5imberly.xyz

wanshuila.com

haus2690dsgnbuild.com

sf-exprrss.com

volesvip.com

pointmansoutpost.com

rytfs.com

hosoume.com

momentsbymich.com

foxterrier-vonderfinsterley.com

uviibe.com

chiaraborrello.com

ild.academy

chinchinyap.com

cn-emmy.com

ixhaberler.com

styles28.space

schutz-service.com

ycgcwsp.com

Targets

- Target
  
  Lanco,pdf.exe
- Size
  
  245KB
- MD5
  
  d539972067e967998d09d0a2f1b31b52
- SHA1
  
  20fce9b0e4e0f86143dfba1259b0293a32d74cbb
- SHA256
  
  b36a2901bfafd8723bfddd0388f65b0a46237b063ca33edbf773bb589f929981
- SHA512
  
  ffa91ce8a780bf1a8fb9f2dba0d5fc74744c82a600d6890acafeff6610828e6d8da751b34cb2ea46558c9a2387c66415c82c254c6131467546fbbae19b3bcd65
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2