xloader

General

Target

6676755EU.ace
Size

225KB
Sample

210505-gkcxp9nwss
MD5

316a71e98446efb5a2a88043b452502e
SHA1

5362672f0de90517c657bbbd7982e539d10aa20d
SHA256

d965248873f10bf4dc73f66b1cdd63e2baae1f58023ba6c5fcbec2180da361f1
SHA512

5cc200448d23ba12d18c1dde8b0ac4f105921a3e3d8af826b11b2a8bb67b333050addab2a7ab25aabe2aeeb289434b5928fa05b9f42ef1929325d1bf7b61b3a5

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.wwwnptpool.com/cea0/

Decoy

answerwith.com

bingji5.com

choicesrecoverytrainings.com

goodyearpromotions.com

projectguruji.com

outofsandbox.com

chicagosingersforhire.com

goprosquad.com

askmohsin.com

avangardinmobiliaria.com

ultimabritannia.com

alimentafricain.com

recruit-marilyn.com

massu-blog.com

commandsilicon.icu

clearchannel.sucks

greenatlasng.com

spatialdesignoxford.com

nurzia.net

technocratbusiness.com

Targets

- Target
  
  6676755EU.exe
- Size
  
  392KB
- MD5
  
  21aded2e81b866f45ecfc74f98313388
- SHA1
  
  afe79c64082ebdab80852f16e94ec852039c66d5
- SHA256
  
  658b1b36afe7b456ed4ee5935072485e535a524dfbb863e14ee9fe4fbd5884cb
- SHA512
  
  833d047e96e10e717c34f482448cf7ce775604d1797aede87b822967477e1c107c190c5b7e1f20d70759469db75137028f18345ed0628a4cb12a1a655027fca6
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2