xloader

General

Target

4444.exe
Size

459KB
Sample

210910-jqflnshfh2
MD5

a3e29a08e40f22092782a69ada250f36
SHA1

5597636fe0d024ad1831b30cc5b16764847a2085
SHA256

4a91d8f52d07bcd7fde157c6b56e2881c4abba94a0f7921633da4ae2bba53074
SHA512

b8060bf8147e9659790957f42c6ce5b8906f862e57f20c810d4bf12e48174e8a9fccb6f9842713f4079e3ec95bef3a4489873faaf970e3db388b1923b35dd8f7

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

t75f

C2

http://www.vertexnailsblaine.com/t75f/

Decoy

onegolfsydney.com

kaizensportscoaching.com

mliacbjv.icu

rinstech.net

midas-parts.com

istmenian.com

ibrahimpike.com

herbspaces.com

gentleman4higher.com

workabusiness.com

isabusive.website

222555dy.com

lwhyzhzb.xyz

gabrielabravoillanes.com

hearthomelife.com

buildswealth.com

printitaz.com

l-mventures.com

baincot3.com

nstaq-labs.com

Targets

- Target
  
  4444.exe
- Size
  
  459KB
- MD5
  
  a3e29a08e40f22092782a69ada250f36
- SHA1
  
  5597636fe0d024ad1831b30cc5b16764847a2085
- SHA256
  
  4a91d8f52d07bcd7fde157c6b56e2881c4abba94a0f7921633da4ae2bba53074
- SHA512
  
  b8060bf8147e9659790957f42c6ce5b8906f862e57f20c810d4bf12e48174e8a9fccb6f9842713f4079e3ec95bef3a4489873faaf970e3db388b1923b35dd8f7
Score

10^/10

xloader t75f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2