xloader

General

Target

SRMETALINDUSTRIES.zip
Size

435KB
Sample

210916-llvwxacfe8
MD5

b153ab7c7835804fa85cfbc637ae1a2e
SHA1

232144cbca489f97c5fb2d43f85e137ca78442f9
SHA256

16c1cffb71d50fbe9105900699a6c4c9f3b5f55fac90daa8c3171f03035d3093
SHA512

ee8fd0b12f82f0d2b9a482e654addb6173253c63ac384748903778d7275e9d8ec6dae55132836a193385bc1eadb060e74b879e94826e0975be0f91ea2b0720a3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

n58i

C2

http://www.nordicbatterybelt.net/n58i/

Decoy

southerncircumstance.com

mcsasco.com

ifbrick.com

societe-anonyme.net

bantank.xyz

dogecoin.beauty

aboutacoffee.com

babalandlordrealestate.com

tintgta.com

integrity.directory

parwnr.icu

poltishof.online

stayandstyle.com

ickjeame.xyz

currentmotors.ca

pond.fund

petrosterzis.com

deadbydaylightpoints.com

hotel-balzac.paris

focusmaintainance.com

Targets

- Target
  
  SRMETALINDUSTRIES.exe
- Size
  
  573KB
- MD5
  
  51fb6f484b4bc554a7fddb7dc24c994e
- SHA1
  
  6548d2e4c988457deb2a3435220f3252367462f3
- SHA256
  
  4b9ec9143ae2471c8cf540f5e3815c4ca4bb5e073d5c45e6bd934cc0350e8546
- SHA512
  
  703b898725b19590fb833a988a49af207cbb367b508ff58b7c662bd5d6646689276267320d1e915fa7bb8b3201fe43b7b25ec61cf3188c5f5b4ad83c74591aad
Score

10^/10

xloader n58i loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2