xloader

General

Target

pay.exe
Size

493KB
Sample

210915-je915saba2
MD5

d08e51116e789fa67fd4d535ad4f399b
SHA1

1d7d28fb75910f580d75167c0b30ebadd79fe8ca
SHA256

7deecd8502e99ced6aec8588840f7e972a3b030c19e0e88ef94ec3a9d2ababc9
SHA512

6a576a4765cd48138989742cad201abc09941290d70459b13e9dbe3680fe6b291a4a422fbc7dfc4c26e0b554794015194f78c6d2e2082053ba9c1a2a9313bfa1

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

t75f

C2

http://www.438451.com/t75f/

Decoy

ice-lemon.pro

ar3spro.cloud

9055837.com

fucksociety.net

prettyofficialx.com

mfxw.xyz

relationshipquiz.info

customia.xyz

juanayjuan.com

zidiankj.com

facture-booking.com

secondmining.store

aboutyou.club

gongxichen.com

laurabraincreative.com

pierrot-bros.com

saintpaulaccountingservices.com

dom-maya.com

garderobamarzen.net

la-salamandre-assurances.com

Targets

- Target
  
  pay.exe
- Size
  
  493KB
- MD5
  
  d08e51116e789fa67fd4d535ad4f399b
- SHA1
  
  1d7d28fb75910f580d75167c0b30ebadd79fe8ca
- SHA256
  
  7deecd8502e99ced6aec8588840f7e972a3b030c19e0e88ef94ec3a9d2ababc9
- SHA512
  
  6a576a4765cd48138989742cad201abc09941290d70459b13e9dbe3680fe6b291a4a422fbc7dfc4c26e0b554794015194f78c6d2e2082053ba9c1a2a9313bfa1
Score

10^/10

xloader t75f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2