xloader

General

Target

de8a80136d8b6c2002ba8473bda2a617
Size

255KB
Sample

210917-xvx86sbbaq
MD5

de8a80136d8b6c2002ba8473bda2a617
SHA1

6ccca366fd276d0bff3197b02bfb8c192fe75cb3
SHA256

4e18d364c4fa2db105557cf8105e5e3d77c9d7a06590b4f897051f99014da5be
SHA512

d93ca922a818f387312a317ef84e22d88ac9c091a8ddb85c742983fa37801614681d22b842aacd66f6d66621700a0e4eeacc632428303f8db6c7bd0f8d607875

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6a4

C2

http://www.helpmovingandstorage.com/b6a4/

Decoy

gr2future.com

asteroid.finance

skoba-plast.com

rnerfrfw5z3ki.net

thesmartroadtoretirement.com

avisdrummondhomes.com

banban365.net

profesyonelkampcadiri.net

royalloanhs.com

yulujy.com

xn--naqejahan-n3b.com

msalee.net

dollyvee.com

albertagamehawkersclub.com

cbspecialists.com

findingforeverrealty.com

mrtireshop.com

wadamasanari.com

growtechinfo.com

qipai039.com

Targets

- Target
  
  de8a80136d8b6c2002ba8473bda2a617
- Size
  
  255KB
- MD5
  
  de8a80136d8b6c2002ba8473bda2a617
- SHA1
  
  6ccca366fd276d0bff3197b02bfb8c192fe75cb3
- SHA256
  
  4e18d364c4fa2db105557cf8105e5e3d77c9d7a06590b4f897051f99014da5be
- SHA512
  
  d93ca922a818f387312a317ef84e22d88ac9c091a8ddb85c742983fa37801614681d22b842aacd66f6d66621700a0e4eeacc632428303f8db6c7bd0f8d607875
Score

10^/10

xloader b6a4 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2