xloader

General

Target

5fc118f68d961f9bd3c38d15bd6c0e6eed0b66c12412c344d766460b48355706
Size

219KB
Sample

210507-827yn69tye
MD5

5972ee4c522e2f18ff3102bb94444db5
SHA1

1439b110cd660222879bc7ff4716c1498a87f5c4
SHA256

5fc118f68d961f9bd3c38d15bd6c0e6eed0b66c12412c344d766460b48355706
SHA512

2b621f69ceb36cfe9f3fe68a2df2a5685c0c2b73699ff8cc06b24b510714d43bd267876760fa3768effed7539b61d4957ad660ce135b3261e83984e9ea8584ea

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.christopherngai.com/boit/

Decoy

kuhanticiy.site

rosecoline.com

lapertuna.com

fedeschwalb.com

cvstore1.com

761215.com

secretivecriticaldeeply.net

2503322.com

zhongda8.com

xsynergysip.com

hologramhell.com

argetench.com

rsmenterprises.net

sunsasound.com

thietbinuoc.com

proofreadingbypaulina.com

apnidukan.life

petsmartapp.com

raumluftraum.com

whitehorseavon.com

Targets

- Target
  
  5fc118f68d961f9bd3c38d15bd6c0e6eed0b66c12412c344d766460b48355706
- Size
  
  219KB
- MD5
  
  5972ee4c522e2f18ff3102bb94444db5
- SHA1
  
  1439b110cd660222879bc7ff4716c1498a87f5c4
- SHA256
  
  5fc118f68d961f9bd3c38d15bd6c0e6eed0b66c12412c344d766460b48355706
- SHA512
  
  2b621f69ceb36cfe9f3fe68a2df2a5685c0c2b73699ff8cc06b24b510714d43bd267876760fa3768effed7539b61d4957ad660ce135b3261e83984e9ea8584ea
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2