xloader

General

Target

DHL Receipt_AWB811470484778.exe
Size

1.2MB
Sample

210506-j8a6jkjabe
MD5

54e12bb22e93723f1207f9b0c68ce740
SHA1

c4c2bd10d4e5a21997e1b5a2eec5beccd63759ea
SHA256

47e832373110163a11b922941cb9a2377c7e44ed290a528073152b0fb1ffef93
SHA512

d1741eecc9bb3177ce4b115ded4379af5d4898a9088882f130f3a52ecfca5cdefd488316e8076f42c56d5e0c12119b38de28236429b67daaf9262b64af1a5bf3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.maleev.design/a7dr/

Decoy

thevirginiahighlanders.com

crazybenzi.com

nottruthful.com

happi.info

amjadlighting.com

mlebentv.com

pogrebnolipa.com

907wine.com

programheart.com

jenniferlarmstrong.com

alexjcarpenter.com

rokyslegendou.com

confidenceismine.com

thegeek420.com

hover-lover.com

conversationallawinstitute.com

ssonya.com

woopyyl.com

ebotasymas.com

nysobvakoiijqjs.com

Targets

- Target
  
  DHL Receipt_AWB811470484778.exe
- Size
  
  1.2MB
- MD5
  
  54e12bb22e93723f1207f9b0c68ce740
- SHA1
  
  c4c2bd10d4e5a21997e1b5a2eec5beccd63759ea
- SHA256
  
  47e832373110163a11b922941cb9a2377c7e44ed290a528073152b0fb1ffef93
- SHA512
  
  d1741eecc9bb3177ce4b115ded4379af5d4898a9088882f130f3a52ecfca5cdefd488316e8076f42c56d5e0c12119b38de28236429b67daaf9262b64af1a5bf3
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2