xloader

General

Target

PP,Sporda.exe
Size

243KB
Sample

210511-ws41w6e5y2
MD5

96fc6b340885ae82ac19228903cb2548
SHA1

5f63c934e018aa83f51f7f7f516fb5d195ab27e9
SHA256

ea66d2f582f9da718979a56b628e19a5712e41e979808cb84a8cb427fbe1ab30
SHA512

6db3726ef698b704c5c7ad04e7f6b6c6ed2413b819970b2e7f1efbfdf167204a4613607bdb98ee8c9132f2032963f661557c18fd58967507350764b274e892a3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.buymobilia.com/ugtw/

Decoy

keystohumanconnection.com

kba5imberly.xyz

wanshuila.com

haus2690dsgnbuild.com

sf-exprrss.com

volesvip.com

pointmansoutpost.com

rytfs.com

hosoume.com

momentsbymich.com

foxterrier-vonderfinsterley.com

uviibe.com

chiaraborrello.com

ild.academy

chinchinyap.com

cn-emmy.com

ixhaberler.com

styles28.space

schutz-service.com

ycgcwsp.com

Targets

- Target
  
  PP,Sporda.exe
- Size
  
  243KB
- MD5
  
  96fc6b340885ae82ac19228903cb2548
- SHA1
  
  5f63c934e018aa83f51f7f7f516fb5d195ab27e9
- SHA256
  
  ea66d2f582f9da718979a56b628e19a5712e41e979808cb84a8cb427fbe1ab30
- SHA512
  
  6db3726ef698b704c5c7ad04e7f6b6c6ed2413b819970b2e7f1efbfdf167204a4613607bdb98ee8c9132f2032963f661557c18fd58967507350764b274e892a3
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2