xloader

General

Target

vbc.exe
Size

617KB
Sample

210506-bm5wpyska2
MD5

60b88477173379e55e2d5c678d2a32ff
SHA1

8dcccf0321468fa7e9c51f5cac81ac6da43c0cb5
SHA256

27563e3971b4f2baf6bf551323b1538809038aa456d5e0c02dd5e6a902b8f0e6
SHA512

8705510d538c1e565c7f19d633c1336311dbee239240ef0a2a45b61e37fdb83bb8300348c09e132a80f86cc208e19f532225c08d76644de69f948db951500805

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.gailrichardson.com/qjnt/

Decoy

funeralinsurancetoppro.info

californiaredstate.com

xn--jpr220deud640b.com

playx.finance

siamfellow.com

tekirdagvethelp.com

forrealmodels.com

desenergie.info

whynotplus.com

graniteinaminute.com

satgurucolorlabs.com

potviper.com

racevx.xyz

thebluefishhotel.net

elletesla.com

4608capaydrive.com

buckhead-meat.com

garage-repair-near-me.com

ubique.works

markokuzmanovicpreduzetnik.com

Targets

- Target
  
  vbc.exe
- Size
  
  617KB
- MD5
  
  60b88477173379e55e2d5c678d2a32ff
- SHA1
  
  8dcccf0321468fa7e9c51f5cac81ac6da43c0cb5
- SHA256
  
  27563e3971b4f2baf6bf551323b1538809038aa456d5e0c02dd5e6a902b8f0e6
- SHA512
  
  8705510d538c1e565c7f19d633c1336311dbee239240ef0a2a45b61e37fdb83bb8300348c09e132a80f86cc208e19f532225c08d76644de69f948db951500805
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2