xloader

General

Target

arrival notice.r15
Size

448KB
Sample

210915-3swv8abgc7
MD5

7ff8b5ecd9eb584ff5453e3c78ceccca
SHA1

aa57ac7e7aa9097be6468dc97eefcacb69e9e94f
SHA256

735f5380f09fcef1e71401fb89987dd7186c1322b9b5a91f36a4839265f8fab0
SHA512

4deff1797293c990eeb8c81ef9fc60c7d50e5c55717525e5fdffa0bf91c562260b00f2e8533fc4efda77089738ff64727a767f3bd8fb0e775bb73710f7f8e6cf

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

n58i

C2

http://www.nordicbatterybelt.net/n58i/

Decoy

southerncircumstance.com

mcsasco.com

ifbrick.com

societe-anonyme.net

bantank.xyz

dogecoin.beauty

aboutacoffee.com

babalandlordrealestate.com

tintgta.com

integrity.directory

parwnr.icu

poltishof.online

stayandstyle.com

ickjeame.xyz

currentmotors.ca

pond.fund

petrosterzis.com

deadbydaylightpoints.com

hotel-balzac.paris

focusmaintainance.com

Targets

- Target
  
  arrival notice.exe
- Size
  
  762KB
- MD5
  
  4196c697fa8a52ecddad63bf5ac9e8f9
- SHA1
  
  1179a7916f59fa2d88829a56f3f045e1cf32c418
- SHA256
  
  cfdb27a9ff39bd1aa5a0a43fe6e272c269a311f5748d8a13b2e705f7d66f16bd
- SHA512
  
  8c78d2a8276fd10c118732b194865fcd40615beb8ad47459e0ce5c67097d57d66c5764c0eaf8ebdbb7591b3ff03c26f0aa90d7dd7484b8f4709c9a79c607d5a0
Score

10^/10

xloader n58i loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2