xloader | 6716f9ca37043f0684164a12c5971f67c738cefb8b8322556d970f60333d72b0 | Triage

Sharing

General

Target

PAYMENT INSTRUCTIONS COPY.exe
Size

902KB
Sample

210511-p13tpxq7gn
MD5

21e8676fede4e9e629ac0b0e36a3772a
SHA1

2643fb666f938fbdc0ce81994629a2ad152451af
SHA256

6716f9ca37043f0684164a12c5971f67c738cefb8b8322556d970f60333d72b0
SHA512

e527eec19599469bbecb64f502279a68b969920a3828524fdd455d232b3e9fdb14e4cda89623250ea6483113043ff48fa1fbe72c1b46c9ce5a0992661da00a54

Score

10^/10

xloader loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.ursulaaubri.com/s5cm/

Decoy

labibmasas.com

puppy-os.com

campingquick.com

bluewavewelding.com

qizhukeji.com

economiemalin.com

tomrings.com

mdduct.com

cloodgame.com

acadiepresse.com

daleradio.net

kampanyalisayfalar.digital

instrumentsets.com

centralcoastcardeals.com

xn--fiqyww2q3xd.xyz

annafelicia.com

vinkle.net

somebodyelsesdesigns.com

thatsohaute.com

gaoxiaoduan.com

Targets

- Target
  
  PAYMENT INSTRUCTIONS COPY.exe
- Size
  
  902KB
- MD5
  
  21e8676fede4e9e629ac0b0e36a3772a
- SHA1
  
  2643fb666f938fbdc0ce81994629a2ad152451af
- SHA256
  
  6716f9ca37043f0684164a12c5971f67c738cefb8b8322556d970f60333d72b0
- SHA512
  
  e527eec19599469bbecb64f502279a68b969920a3828524fdd455d232b3e9fdb14e4cda89623250ea6483113043ff48fa1fbe72c1b46c9ce5a0992661da00a54
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

xloaderloaderrat