xloader

General

Target

Payment Ref EFT#00007863.zip
Size

384KB
Sample

210916-nwtspsdca7
MD5

0dff9e9cda6a4b6fb1ac5767c8500b7c
SHA1

effeffd716258a36dd574f1271fce08e950b8511
SHA256

d4c1a546f7e87b1a6506bb846a2b1c96307afd8a8a184b6941a42ea9e53a4718
SHA512

a648b0ccc4c02ca7f0cf1b5cd4328e818d9a1ce620aaf4789553d33b4e3150f2b3353a2c412872f8b2a8af7bc444649975bca067990b00f637b13a0ca14870d2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

t75f

C2

http://www.438451.com/t75f/

Decoy

ice-lemon.pro

ar3spro.cloud

9055837.com

fucksociety.net

prettyofficialx.com

mfxw.xyz

relationshipquiz.info

customia.xyz

juanayjuan.com

zidiankj.com

facture-booking.com

secondmining.store

aboutyou.club

gongxichen.com

laurabraincreative.com

pierrot-bros.com

saintpaulaccountingservices.com

dom-maya.com

garderobamarzen.net

la-salamandre-assurances.com

Targets

- Target
  
  nAIj8iSBKtENT6y.exe
- Size
  
  411KB
- MD5
  
  799febf0e89864960c7f98b546cea32c
- SHA1
  
  2a16ca50e68593db49450672e54ec8a977239a02
- SHA256
  
  39c5b29df15e13a18cbc4b77a44208aa927af8851555a4d220d8af0be7aeb235
- SHA512
  
  f6f89a2c4c36b4ca961934cb55eec8dbedf15d1a05d77387d9259ddc436766b248865e83e70341c1403dff325185e0a0f4cf51021e682adef19080a7cad6129a
Score

10^/10

xloader t75f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2