xloader

General

Target

4a.zip
Size

679KB
Sample

210504-mrspf6v9mn
MD5

f7b73947f96e3c34620f829256aca4d9
SHA1

fec6158936bda16f2a3cdb56d7dcbca2f291836c
SHA256

5d5d3759e3350abef81021ccf0af5932de24d1e04b93342906f6f86d023ed871
SHA512

8e3a616fc53be2ab0d6b57242220f2d6011cc7887c2b9846addbcb1234cd6b2aebe3d9047e1cbfad1d0b97e5f86f9659f8d189314a1859a8acf16636ebb4d2b6

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.pedroiniesta.net/n7ad/

Decoy

orchardevent.com

inthebeginningshop.com

keodm.com

hangthejury.com

cannabisllp.com

letsratethis.com

milanfashionperu.com

adcvip.com

professionalcprclasses.com

checkmytradesmanswork.com

sloanksmith.com

apnajamshedpur.com

665448.com

zryld.com

cabot.city

graet.design

furbabiesandflowers.com

silkisensations.com

sawubonastore.com

screenwinz18.com

Targets

- Target
  
  fea7b692b71803eb020f04ec1a5f8118f5845910d9677fdb4636d9a7d209d0fa.bin
- Size
  
  728KB
- MD5
  
  64af41000584694858d0fcc37b1bf69b
- SHA1
  
  707c77c61fafdd736c1e02bfdbc8ce7ce24cc759
- SHA256
  
  fea7b692b71803eb020f04ec1a5f8118f5845910d9677fdb4636d9a7d209d0fa
- SHA512
  
  dff4927081ff280eb4e707660c596adfbf8ada0f02cdbf8dd2414cb368b8036708558e854b892eda7dc0049c11df6ff1044cb0ec7c9ae9a32851ba3790fd7177
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2