xloader

General

Target

be35f0ce65b229e225d6c65b48704a2a
Size

586KB
Sample

210727-z62jgwjjex
MD5

be35f0ce65b229e225d6c65b48704a2a
SHA1

0f47018085e461e2b138e501393c94a173d90269
SHA256

8bc53adb417402cf954d8018bc35c0f4f853d5a2e3471c4de98ca8e1fa8fa1e9
SHA512

9fa74f93f266e72647e74860f4792fa7ed3a3181798c9add49d23ba380f6bca0590c67c5df5f4bad53ef6cfd49dbcd3b8c2266d580729dfce73cd497ef867772

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.arogyanlife.com/b82a/

Decoy

annguyet.net

parkwood.tech

readysetmortgage.net

betraywithdraw.com

incmagazine.xyz

dentistinpimplesaudagar.com

lianhx.com

prodrelease0827b.com

safehavenwellbeing.com

gehdeinweg.club

sondaggio123.space

prospecx.report

remediate.info

savylash.com

puppornstar.com

coaching-romand.com

boozeshops.com

team316media.com

ldgawydtl.icu

trezteez.com

Targets

- Target
  
  be35f0ce65b229e225d6c65b48704a2a
- Size
  
  586KB
- MD5
  
  be35f0ce65b229e225d6c65b48704a2a
- SHA1
  
  0f47018085e461e2b138e501393c94a173d90269
- SHA256
  
  8bc53adb417402cf954d8018bc35c0f4f853d5a2e3471c4de98ca8e1fa8fa1e9
- SHA512
  
  9fa74f93f266e72647e74860f4792fa7ed3a3181798c9add49d23ba380f6bca0590c67c5df5f4bad53ef6cfd49dbcd3b8c2266d580729dfce73cd497ef867772
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2