xloader

General

Target

revised quotation.r15
Size

484KB
Sample

210905-kvfynshdf4
MD5

73256d4ea1d945f21478369fa4e8db84
SHA1

8864e9479cc1bc90fdb30d564f1b8d1fce889c11
SHA256

ca937cc387173ba7f8455d06b1b6aa245c899be412324af26cf762473944c5e7
SHA512

c6961555a3376e554cd3a03c2ad682f18e7b1d6f89f99131b040eec77904c43e2fd5f8d03ffa04161f7cb0415640ebced892cc694577a14e1ce71ee10909e058

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

C2

http://www.mack3sleeve.com/n58i/

Decoy

nl-cafe.com

votetedjaleta.com

britrobertsrealtor.com

globipark.com

citysucces.com

verisignwebsite-verified.com

riddlepc.com

rosecityclimbing.com

oleandrinextract.com

salmankonstruksi.com

needhamchannel.com

refreshx2z.com

youth66.com

pla-russia.com

halloweenmaskpro.com

exdysis.com

1gcz.com

lookgoodman.com

rlxagva.com

stlcityc.com

Targets

- Target
  
  revised quotation.exe
- Size
  
  521KB
- MD5
  
  d3344f685e1963f478711ee2d2d86c48
- SHA1
  
  6203016b209ecb8d1d4cfc4ffa0a885a33ffa3a8
- SHA256
  
  cc92eda0a8290172b29b51ff05fa235ffd0389fce74d0a40d0e5cc1e4af11497
- SHA512
  
  73f901c6c89e63beaf9638442200aa87b5ba2a988080c262392252a8b3d882451e9e16057fdd0478e391861f951d621ac71d6e7119d5aecc8d2e47a7cb69e5df
Score

10^/10

xloader n58i loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2