xloader

General

Target

TPJX2QwEdXs5sTV.exe
Size

655KB
Sample

210915-k2wmpsach2
MD5

ce556ce97ea23cbc2940f2aad45d468f
SHA1

cc2bdaefa2f0ac108e2f456e42a42e8258580cf4
SHA256

7c3d5ebd2c417a52b2a0b98dee95b5a7f283816f6a2453ceeffd31becc140882
SHA512

82d4d71aeb5118d600394c64eb127ca4a87d7b83702feb4f9c5b0a0d98a597f812ebfd16784cbde54b9f4b1c87d3c7eaf57fb1c86b9720df95419887fc13f77b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

t75f

C2

http://www.438451.com/t75f/

Decoy

ice-lemon.pro

ar3spro.cloud

9055837.com

fucksociety.net

prettyofficialx.com

mfxw.xyz

relationshipquiz.info

customia.xyz

juanayjuan.com

zidiankj.com

facture-booking.com

secondmining.store

aboutyou.club

gongxichen.com

laurabraincreative.com

pierrot-bros.com

saintpaulaccountingservices.com

dom-maya.com

garderobamarzen.net

la-salamandre-assurances.com

Targets

- Target
  
  TPJX2QwEdXs5sTV.exe
- Size
  
  655KB
- MD5
  
  ce556ce97ea23cbc2940f2aad45d468f
- SHA1
  
  cc2bdaefa2f0ac108e2f456e42a42e8258580cf4
- SHA256
  
  7c3d5ebd2c417a52b2a0b98dee95b5a7f283816f6a2453ceeffd31becc140882
- SHA512
  
  82d4d71aeb5118d600394c64eb127ca4a87d7b83702feb4f9c5b0a0d98a597f812ebfd16784cbde54b9f4b1c87d3c7eaf57fb1c86b9720df95419887fc13f77b
Score

10^/10

xloader t75f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2