xloader

General

Target

76ffc32ba98dd84e396af77ad4311d99b3a1bbb0
Size

920KB
Sample

210506-brctkwxpa6
MD5

e9777bb4745f38009a1d806392a437e5
SHA1

76ffc32ba98dd84e396af77ad4311d99b3a1bbb0
SHA256

eb8c5fa3da30f5d972e7d30767099990aadce5af9e046a2765b0c64222eab118
SHA512

794f80a25ae343075421e2d6a030d3a30ef0f2790649fad1c7fc80b31b4ce9d755dfe10634e0d28a684f39d2cffec0c8e7c17d18547df88335ef2d5c2de29f0f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.asconstructionin.com/m3rc/

Decoy

manonkelley.com

prosperouspromises.com

biglebowlski.com

zhenyash.com

wayinfinite.com

vaginalmedicine.com

garnogroup.com

6-8-8-8-8.website

universtal.com

gillet.pro

hwrfxkna.com

unapersonaestabien.com

organicdiehards.com

santini7.com

salt9pepper.com

ericasorganiclife.com

vipgifts.online

mariozumbo.com

genetikfatura.com

heypapabear.com

Targets

- Target
  
  76ffc32ba98dd84e396af77ad4311d99b3a1bbb0
- Size
  
  920KB
- MD5
  
  e9777bb4745f38009a1d806392a437e5
- SHA1
  
  76ffc32ba98dd84e396af77ad4311d99b3a1bbb0
- SHA256
  
  eb8c5fa3da30f5d972e7d30767099990aadce5af9e046a2765b0c64222eab118
- SHA512
  
  794f80a25ae343075421e2d6a030d3a30ef0f2790649fad1c7fc80b31b4ce9d755dfe10634e0d28a684f39d2cffec0c8e7c17d18547df88335ef2d5c2de29f0f
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2