xloader

General

Target

4d9f21a8719054ede23ff9a28900c56d
Size

1.2MB
Sample

210727-y5f65tdnzs
MD5

4d9f21a8719054ede23ff9a28900c56d
SHA1

2c67a8afcecf4e9591592761aeb13ef02cb42252
SHA256

46241be04eb48d9eed1aeb8a809f8baeff44cc73c5e533ab1d266f5f1fcf275a
SHA512

ada925798a57c2d8a88e65af6b7cf2584b190457d77e784125f9ec8c6ab553feb6b1125429c2ecc08d9581eb6a36b92026d54399e6e74a899d3bee693ed3d0fa

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.thafresnelgroup.com/p1nr/

Decoy

sooncbd.com

gooddogs.direct

tauding.com

cydip.com

enlistedconnection.com

qa5g.com

makeandmendproductions.com

casethepeer.com

themusicseeds.com

xn--dlicatbikini-beb.com

unlimitedfp.com

homemadebakeries.info

thedealaccessories.com

mpoweru.life

dannalerma.com

toploveconcierge.com

ciaslo02.com

501581.com

mywordsunspoken.com

corrections-coaching-vienne.com

Targets

- Target
  
  4d9f21a8719054ede23ff9a28900c56d
- Size
  
  1.2MB
- MD5
  
  4d9f21a8719054ede23ff9a28900c56d
- SHA1
  
  2c67a8afcecf4e9591592761aeb13ef02cb42252
- SHA256
  
  46241be04eb48d9eed1aeb8a809f8baeff44cc73c5e533ab1d266f5f1fcf275a
- SHA512
  
  ada925798a57c2d8a88e65af6b7cf2584b190457d77e784125f9ec8c6ab553feb6b1125429c2ecc08d9581eb6a36b92026d54399e6e74a899d3bee693ed3d0fa
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2