xloader

General

Target

zeO9m3gOpDWG5B4.bin.zip
Size

591KB
Sample

210722-xnr2d8eej6
MD5

b611a76da79672927ce9283b8b8a4073
SHA1

af49fd5d4b0428597c13b6ca8191cedf36ffd11f
SHA256

fb41c68e0f07ce1cce78c5e0a8eee7f24fd8024fff1642dab1830b82f34414a8
SHA512

a74af58ed2ed745da0b87b157469f22dc5b8b36d3ae2a0ae8e6da51d47a89e173a16fbf0acaa45cf70a8d3c3404994cad30b593a92a470d429abd4949e181d96

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.brackishcompany.com/b2w3/

Decoy

turnongrowth.com

jc0019.com

myburlingtonfeedback.com

orlandobestsolution.site

newmillenniumgaming.com

dynalink.life

unityr.com

printedcactus.com

sevenlivesmedia.com

sigfox.site

arossoevents.com

fierceferal.com

jminsulation.company

comenothayarc.com

aurasellsrealestate.com

ddcfstore.com

nuwaves22.com

uuoouu-2.store

cogswellstestcogs.com

blockmoneybranding.com

Targets

- Target
  
  zeO9m3gOpDWG5B4.bin
- Size
  
  694KB
- MD5
  
  f1505c03ec89a6e428d192f2ecaa6b76
- SHA1
  
  dfc541fbadaaaa3e2184112cf969a6db32cb8da4
- SHA256
  
  9b4bcf870a79699cea2ef0add03b741bf14296f50b089a648f57903519eb8e7e
- SHA512
  
  7e35e606644f9c8530b321d5a1f2d8138644f987ca6c2ac7dc2fa2661123a3422589a50a86cbfc3837577cc35750b12e11acf26388348afcbb34a855fd834861
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2