xloader

General

Target

Order.rar
Size

577KB
Sample

210722-kygd1wjb72
MD5

79b3162b7e3475b13f59534f0ebd4dc8
SHA1

56d4a77d78b30f337a591bd55019a7c59d696191
SHA256

e2d88ba9aa27e614d7903012b8928f7d6453bf282b26d9cb7f4ac532998e5a1b
SHA512

e01429bbbba83a77c7ab9c9cd73b5eff95904d6568f20f59179a0dcbddb8a3acc5943e711735586ec782fa9ee4cd0753f11afbb9abba9c839b45383af0237da4

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.designsbynandini.com/fznn/

Decoy

petmarketsolutions.com

themummymarketplace.com

themidnightcollectivepdx.com

detoxshake.site

ross76.com

tom-tours2020.com

domoservis.com

allcombuildingsvc.com

padelshop.online

wosaying.com

heafg.com

inglesbrasileiro.com

santaclausonline.net

voiceofmagic.com

lafayettelc.com

communal-sleeve.net

extremecouponing.online

mypomate.com

rtdrillbit.com

therealtortaylor.com

Targets

- Target
  
  Order.exe
- Size
  
  818KB
- MD5
  
  a7bb91a78c6b6272939d6a4703aa1924
- SHA1
  
  e746e1443d6a85ea03ebf0c653015f14a3002bd4
- SHA256
  
  883418c697628c67c95a239380f1e9bc03d554d5c97921568b5e9c25dfa4758c
- SHA512
  
  1ad9bbc9886f7b8f58d2efff7b27801c71ec7017e1315b31b51052a8e0fe3cb815431d7fba3d1f479a48264ab89b0b5c3d51579a3269c1a464f9094ac48efa13
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2