xloader

General

Target

neworder106exe.zip
Size

744KB
Sample

210722-5tsrw4pdrj
MD5

1764190c2571df299ea26fa905d878ac
SHA1

a87977414c85d6c038be6ed598386f507e485971
SHA256

89b855b230b5777edfa1d3081dc90c2f548e4fd4c232f4f7ed564ca3b57ad2a6
SHA512

1ffb084e81ce6b08179dcf879f172cd31054637103720a2e4563aadb4d92aa51a3f17238d4a6ccfb9337506268efd39da3fc0c8756b6fa453767b9fe047a1bd6

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.cannabisoutletonline.com/n86i/

Decoy

purpose-guide.com

averyshairco.com

blockchain-365.com

jismlmuu.icu

famosobambino.com

firstclasstruckingny.com

oracleoftheinternet.com

alliesdispatchlogistics.com

salten2.com

bfactivator.com

jgc40.com

nanninghao.com

eigorilla.info

predies.com

dmzg-cn.net

registratetexas.com

maxifina-aprovado.com

mdqqy-dliv.xyz

annurenterprise.com

dongtrunghathaovanphuc.com

Targets

- Target
  
  dc4009d829db9ec3a2da3f28aeeb7056c854ceb1be8a387793f9bc62b7cdf343.bin
- Size
  
  883KB
- MD5
  
  6e6d7d292cf6dd9fef2b47d1b8d49c41
- SHA1
  
  3c23c2b7d054eb07f6ed3fd2e2cfd9f75cb7f7f4
- SHA256
  
  dc4009d829db9ec3a2da3f28aeeb7056c854ceb1be8a387793f9bc62b7cdf343
- SHA512
  
  99c433449f3b40d9aa18ec34e852f020b06f3d6bbcf327e8ee8d61cd1df2d4d0c3f20b5cc70ea3dbc1ed0bb98dd54d9de076ffbefdc0da7581fb7984ef78f1b6
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2