xloader

General

Target

Quotation_05052021.Pdf.exe
Size

783KB
Sample

210505-vjtbkh5b1s
MD5

d86b6cbadadc853df7822d2b228710ad
SHA1

d0301ea7bb0e59df147952b39d7b8661f17ec8a9
SHA256

d797bbe1f6d58628e5c9d45b38c10ff983064c3230f3222ffa3a17a80172be94
SHA512

31186c39c6d56cf70c13d4823ce6cbb833dcc542445afda81f7722e55af6c6fca4f18cc5005ef7cfca39699d5af6f9a9205aff44c88bfada86742deac52e186b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.themessymarketingpodcast.com/ihmh/

Decoy

easymediaworks.com

palletpickups.com

firstlutheranportwing.com

plannerfest.com

voltageweldingmasks.com

saintboon.com

vanwindowsireland.com

healtheducationzone.com

digitalphotoscans.com

bada66.com

plasticcosmos.com

oikso.xyz

xn--rentenbersicht-lsb.online

debelux.net

siyamiakyel.com

downmountaintrails.com

kertronmackeyenterprises.com

721hk.com

growmaitri.com

islamicaudiobooks.net

Targets

- Target
  
  Quotation_05052021.Pdf.exe
- Size
  
  783KB
- MD5
  
  d86b6cbadadc853df7822d2b228710ad
- SHA1
  
  d0301ea7bb0e59df147952b39d7b8661f17ec8a9
- SHA256
  
  d797bbe1f6d58628e5c9d45b38c10ff983064c3230f3222ffa3a17a80172be94
- SHA512
  
  31186c39c6d56cf70c13d4823ce6cbb833dcc542445afda81f7722e55af6c6fca4f18cc5005ef7cfca39699d5af6f9a9205aff44c88bfada86742deac52e186b
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2