xloader

General

Target

so.exe
Size

650KB
Sample

210505-vbf8y5pbfj
MD5

5551346aa9f251895021b95a2a7cc390
SHA1

acbcecf7599d3c33f6f2a36c0947cfc633d0a406
SHA256

9e189d8d48a66d2f53c972275642da7cbc8ad51b20f04cf1d592bef360db50cf
SHA512

35e43a0f2ef1dd2dfaf921d8af3a4f3ef0f4675479d496141358561c84a3b8c8b1a5bd9497fe6c26757d3e6637edab538ac587d73bc6d47e9b90b751abf55ba3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.cats16.com/8u3b/

Decoy

pipienta.com

wisdomfest.net

jenniferreich.com

bigcanoehomesforless.com

kayandbernard.com

offerbuildingsecrets.com

benleefoto.com

contactlesssoftware.tech

statenislandplumbing.info

lifestylemedicineservices.com

blazerplanning.com

fnatic-skins.club

effectivemarketinginc.com

babyshopit.com

2000deal.com

k12paymentcemter.com

spwakd.com

lesreponses.com

abundando.com

hawkspremierfhc.com

Targets

- Target
  
  so.exe
- Size
  
  650KB
- MD5
  
  5551346aa9f251895021b95a2a7cc390
- SHA1
  
  acbcecf7599d3c33f6f2a36c0947cfc633d0a406
- SHA256
  
  9e189d8d48a66d2f53c972275642da7cbc8ad51b20f04cf1d592bef360db50cf
- SHA512
  
  35e43a0f2ef1dd2dfaf921d8af3a4f3ef0f4675479d496141358561c84a3b8c8b1a5bd9497fe6c26757d3e6637edab538ac587d73bc6d47e9b90b751abf55ba3
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2