xloader

General

Target

code E05.exe
Size

874KB
Sample

210818-66yr5enszj
MD5

d342d2101b2e0aeb494f314db2c9f601
SHA1

411dc7844bfcd0c2a15a0e55bf99450f87b15f0f
SHA256

c43451d310a9e29209b9658e9ae37da0e69a43699a910dd5904e4a7ea9b6e68d
SHA512

da9b446241d8c728229285cbed06281bfa439f4179c6facd1a8e2b73b6d83f3a7ee9567247495bdc412d90bfad8d303b60cbec8b22e5f5e3e8a891931942be84

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

be4o

C2

http://www.wapteas.com/be4o/

Decoy

gosth-kitchen.com

300coin.club

mdseenergys.com

weizhong.asia

pixorum.com

rdchicken.com

beverlyhills-mc.com

voteelliot.com

noithatsongtung.com

bestiepetinsurance.net

pannacottagames.com

materaweddings.com

kryodry.com

hardlikeaboss.com

fnhope.com

blun33.com

rentmystuff.pro

maimaimaoba.com

caneteperu.com

lata-gouveia.com

Targets

- Target
  
  code E05.exe
- Size
  
  874KB
- MD5
  
  d342d2101b2e0aeb494f314db2c9f601
- SHA1
  
  411dc7844bfcd0c2a15a0e55bf99450f87b15f0f
- SHA256
  
  c43451d310a9e29209b9658e9ae37da0e69a43699a910dd5904e4a7ea9b6e68d
- SHA512
  
  da9b446241d8c728229285cbed06281bfa439f4179c6facd1a8e2b73b6d83f3a7ee9567247495bdc412d90bfad8d303b60cbec8b22e5f5e3e8a891931942be84
Score

10^/10

xloader be4o loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2