xloader

General

Target

babda8d430f5f46986eacf505ee1cb9cf017032bf4ec985fa20a1a6c73e7543e
Size

212KB
Sample

210508-hddvsl66dj
MD5

4d2dfa95fd5af26aa2c2f44b4f54a73a
SHA1

2dd957be65d8a28140b7a910e8b9da9b695ef281
SHA256

babda8d430f5f46986eacf505ee1cb9cf017032bf4ec985fa20a1a6c73e7543e
SHA512

c82d9424722d5a36904963e1cfab6602721495bfde358a8517a5ef7d78d34a2c52546127ff3a4954ce69832e5b936690c9389dd94f7a5598ad37f905ae30c56f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.hono-idea.com/bncm/

Decoy

reflexinsurance.com

autofilterfinder.com

tonisoftball.com

xl0775.com

ekeela.com

yuukaidojo.com

power199.com

smilingpress.net

ssmnashvillerecordingstudio.com

lagacetarivieramaya.com

reves-ailes.com

unattractiveappearance.cloud

sabinoforshe.com

hiphopnaija.xyz

cxosshatch.com

positivses.com

o0djh.site

yfsdy33.club

eesap.com

nothingbutallgoods.com

Targets

- Target
  
  babda8d430f5f46986eacf505ee1cb9cf017032bf4ec985fa20a1a6c73e7543e
- Size
  
  212KB
- MD5
  
  4d2dfa95fd5af26aa2c2f44b4f54a73a
- SHA1
  
  2dd957be65d8a28140b7a910e8b9da9b695ef281
- SHA256
  
  babda8d430f5f46986eacf505ee1cb9cf017032bf4ec985fa20a1a6c73e7543e
- SHA512
  
  c82d9424722d5a36904963e1cfab6602721495bfde358a8517a5ef7d78d34a2c52546127ff3a4954ce69832e5b936690c9389dd94f7a5598ad37f905ae30c56f
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2