xloader

General

Target

SecuriteInfo.com.Scr.Malcodegdn30.14128.26302
Size

501KB
Sample

210910-fbpdgscchm
MD5

c9bd9f624a71fbfafd2f09d361ec3082
SHA1

42521533146be0b9a72682d450ef6f168c9f4aae
SHA256

ce5200f83fa5cb0f31b93edbfbc372e3d93bc71450f77ba705b452ca523e24e5
SHA512

aa63c6c7adc65d2a7fdd8fadaf2df2081114f154cc99e8de2de0026b2bafe26501cdde1aab66f3922557afa5df3000e5f7d7d5a36c77c14c992bf625437fc40e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

C2

http://www.biosonicmicrocurrent.com/n58i/

Decoy

electrifyz.com

silkpetalz.net

cognitivenavigation.com

poophaikus.com

orchidiris.com

arteregalos.com

dailybookmarks.info

gogoanume.pro

hushmailgmx.com

trjisa.com

notontrend.com

2020polltax.com

orderhappy.club

panggabean.net

govsathi.com

hrsbxg.com

xvideotokyo.online

lotteplaze.com

lovecleanliveclean.com

swaphomeloans.net

Targets

- Target
  
  SecuriteInfo.com.Scr.Malcodegdn30.14128.26302
- Size
  
  501KB
- MD5
  
  c9bd9f624a71fbfafd2f09d361ec3082
- SHA1
  
  42521533146be0b9a72682d450ef6f168c9f4aae
- SHA256
  
  ce5200f83fa5cb0f31b93edbfbc372e3d93bc71450f77ba705b452ca523e24e5
- SHA512
  
  aa63c6c7adc65d2a7fdd8fadaf2df2081114f154cc99e8de2de0026b2bafe26501cdde1aab66f3922557afa5df3000e5f7d7d5a36c77c14c992bf625437fc40e
Score

10^/10

xloader n58i loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2