xloader

General

Target

tgix.exe
Size

1.1MB
Sample

210506-a4wxhqscgx
MD5

2e3f9f38f7cb188b1f25028061c75724
SHA1

6fcc9441c9738e854d38e21a92a2a211049dc612
SHA256

b356ada562e3300d6a94806979b8920abbae8b40ff9ce89b5f5c2a10e0f970b0
SHA512

046ccf12497f5a63a1033b83ecd0a390e1eb088d9bcb5636163b1bb4b5d4a1b04532c7497a27a18b01a6a70739bb72b211376e99bb3b5572a7ba83766ab75550

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.liancaiwangv5.com/oerg/

Decoy

brightly-common.com

petwellness.pet

oldhamluxury.com

cmpembroidery.com

physicalrobot.com

irynazumba.com

testyourself11.com

theblacksportswoman.com

mottestertraining.agency

confrontinghate.info

tamiigun.com

pod14.club

implementnowsolutions.net

letsdance.website

cashforkeysdz.net

grupoprotecsasac.com

kol-lek-tiv.net

funeralhomesmaroail.com

lwfunding.com

junkglobal.com

Targets

- Target
  
  tgix.exe
- Size
  
  1.1MB
- MD5
  
  2e3f9f38f7cb188b1f25028061c75724
- SHA1
  
  6fcc9441c9738e854d38e21a92a2a211049dc612
- SHA256
  
  b356ada562e3300d6a94806979b8920abbae8b40ff9ce89b5f5c2a10e0f970b0
- SHA512
  
  046ccf12497f5a63a1033b83ecd0a390e1eb088d9bcb5636163b1bb4b5d4a1b04532c7497a27a18b01a6a70739bb72b211376e99bb3b5572a7ba83766ab75550
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2