xloader

General

Target

uiza7XkNGQPRQvb.exe
Size

693KB
Sample

210722-pxalea6csx
MD5

9d9f2d5ba71372d4bbd85a9088ba7bc7
SHA1

353192974e4f523bdcb472478e5a652e194c6481
SHA256

a6169937c872aefc3f1e5c13e40f05d9cb0cbba3a16490f134b810b47027b035
SHA512

7ea510bdc7057f5442055b8c36b329e8e0c68cdc2c0f93a693e69979307369d2eb662093ecc53ee6b03b2667598fa28b9d01ed15679f98fce2eec911e5c564a8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.lapashawhite.com/p596/

Decoy

ushistorical.com

lovepropertylondon.com

acupress-the-point.com

3772548.com

ambientabuse.com

primaveracm.com

themidwestmomblog.com

havasavunma.com

rockyroadbrand.com

zzphys.com

masque-inclusif.com

myeonyeokplus.com

linkernet.pro

zezirma.com

mysiniar.com

andreamall.com

mattesonauto.com

wandopowerinc.com

casaurgence.com

salishseaquilts.com

Targets

- Target
  
  uiza7XkNGQPRQvb.exe
- Size
  
  693KB
- MD5
  
  9d9f2d5ba71372d4bbd85a9088ba7bc7
- SHA1
  
  353192974e4f523bdcb472478e5a652e194c6481
- SHA256
  
  a6169937c872aefc3f1e5c13e40f05d9cb0cbba3a16490f134b810b47027b035
- SHA512
  
  7ea510bdc7057f5442055b8c36b329e8e0c68cdc2c0f93a693e69979307369d2eb662093ecc53ee6b03b2667598fa28b9d01ed15679f98fce2eec911e5c564a8
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2