xloader

General

Target

PO7420.7z
Size

438KB
Sample

210915-gt1pxahhg3
MD5

27293c7fd1558a0bac180af3d13110c8
SHA1

522d7bd0a53ebed61c3e7b4bf19090c3b042707d
SHA256

007dad2a934add640b561cc316a7bee026beb5fabfea281daac2aa5cffeb9984
SHA512

e9ce6baa56b5da913cb874a74cc1e52c0e45a017dc721d47a0e4a96b93a51b824cef1482903a7af60d3b5fc53b01baf97114ef797696953e2e674c66fbb9b06a

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

c28h

C2

http://www.yourweddingscent.online/c28h/

Decoy

xn--osegredodameditao-nqb9e.com

blakepleasant.com

midnightindulgence.com

lungx.com

goldenretrieversmn.com

thecapshooter.com

luxuryledlighting.com

coachlind.com

jewelryart-byirene.com

legacyvending.net

staffjet.info

geogest.com

okmulgeedream.center

mexicoifbbproleague.net

tomrings.com

kidsomia.com

learnwithalinguist.com

getboardsuited.com

aiyuc.com

wowmanship.com

Targets

- Target
  
  PO7420.exe
- Size
  
  670KB
- MD5
  
  02e6d76727a49338165563bfccb66182
- SHA1
  
  f1302c87caad5869fdf9c151c0a506cda1b3d5a3
- SHA256
  
  98a9431a38a821366e3bf9cc3bbb9a9b44f5820632ac85c5a9f2349e65a507a0
- SHA512
  
  605d13c0b75c8cd94ceff9cc3d7cfa317b5b360df62c6a0f93a838558081665b0ef3d7bca5857cf1cf41a5e5f7db745d74d3fe9a6d9b4900da110efbb6749b0e
Score

10^/10

xloader c28h loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2