xloader

General

Target

SOA.zip
Size

423KB
Sample

210921-x4sp2sadd3
MD5

0be840d307e767d4a28e44aef4bac3bc
SHA1

7f3613e5d772cb2a6f65d7e5ce95f20ead171d25
SHA256

6d003f8b8a3fae48fbf08e80fadccccd9952de2c3c4b6b5d2c96f47ec26cc6aa
SHA512

27caeab35c23bf202f8c81bd564de7cff2e9daadc5b76f4fe7ca6728b68c7777f336ce1845e210b0136fb19076500a3d08b05b44d63db521672e1fa75813432e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c2ue

C2

http://www.heidevelop.xyz/c2ue/

Decoy

isportdata.com

stellarex.energy

hsucollections.com

menuhaisan.com

joe-tzu.com

lumichargemktg.com

uae.tires

rapidcae.com

softwaresystemsolutions.com

s-galaxy.website

daewon-talks.net

northgamesnetwork.com

catalogue-bouyguestele.com

criativanet.com

theseasonalshift.com

actionfoto.online

openmaildoe.com

trashpenguin.com

ennopure.net

azurermine.com

Targets

- Target
  
  SOA.exe
- Size
  
  872KB
- MD5
  
  a3279da350cf134f736629e5e55c0a41
- SHA1
  
  d28cc3a2cc3e16cf38634cab8db41aacebf4709b
- SHA256
  
  fc9f8f3e66f8ea09953b7b5eba261ff36eb9a78a5f92787eb879420ee3bad581
- SHA512
  
  248040d33716b6f7fb5c0764380c67489d2acdc52784b2d8020faa57f09edc383ab7ecd85c297ef2516698e2cfa92e7d8edc8fc0c510263e5a2b91e1f650d79b
Score

10^/10

xloader c2ue loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2