xloader

General

Target

Purchase Order Item No 1 - 10.PDF.gz
Size

336KB
Sample

210820-g9jjjx4rte
MD5

f6212e90f2be56a3a8687e0d54c21851
SHA1

86a7ea04a734b0062e262cfe38bd74b349905308
SHA256

1303f245b1bfefa140ee6f3ec5b83bba8da74fba9f89f533739896a8f661c314
SHA512

3da679fb5f7739fe0c7a544bf18ae3c000bc10e94af34cb593bdb2dd150de008265975be3c2c2f2269ed8469f83cc0640e84fb091d4a080645662885f122811d

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

mabs

C2

http://www.heehan.com/mabs/

Decoy

joiderqm.com

hyc306.com

ouchplus.asia

abrosnm3.com

hospitalanti-infectives.com

ala-co.com

morrisonltts.net

tradingimpulse.com

invisibleimagination.com

jdjshop.com

huntedby.com

szsgfdzx.com

germfightersusaiowa.com

pahaadpost.com

obrankers.com

plaeralum.com

getfitwithmeministry.com

smartswaploan.com

gypsyjewelrydesigns.com

meetgoodwill.info

Targets

- Target
  
  PO.exe
- Size
  
  514KB
- MD5
  
  16a2312831f3a93efc3cba73a280143c
- SHA1
  
  f7f5200cfaab8fbed1d9c123859494817430cd98
- SHA256
  
  54fbfecf2aebe38870bdb6e6a6bbc830439d9a70ac68f2195f43d37cb6755e28
- SHA512
  
  95647730541bea9dc9ae28651fd06096acc901f4c505600e9bcde3454862e25642f3d1fefba8024141e26a512cab74c1a410648a0412db2cbfc793402288c988
Score

10^/10

xloader mabs loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2