xloader

General

Target

RFQ37548854,PDF.iso
Size

420KB
Sample

210922-qk8tlacge4
MD5

27ae58fb732ab2df1a76a4330ffa6d6b
SHA1

dae34bc9fde318c875bcc29ffe4fe155565a4d5c
SHA256

fe7963c745b7d108598bca84509b76be6527a01d00fca0228af857279619692f
SHA512

c1225b44cb099cd1be114b0224897205d03973a3dfb5b5b5bc649a56101fc68fb0edd069ea93e905e6a06a398e300e0fd941b044890e892e729f3f17b2ac6bfa

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gv6d

C2

http://www.breakaway.uk/gv6d/

Decoy

bigfatgay.com

czrsgd168.com

bnkinvestments.com

uhchearingfl.com

hooktowingco.com

bold2x.com

dirtyhandsdigital.com

princetonreviewes.com

typhoonmusicgroup.com

onlinemathcoach.net

safecareethiopia.net

alvarogdeo.com

access-sca-login.pro

handbagswholesalemaster.com

whoaservices.com

telemunndopr.com

dream2works.com

itemconfirmation.com

kentebags.com

chennaipremium.com

Targets

- Target
  
  RFQ37548854,PDF.exe
- Size
  
  358KB
- MD5
  
  a52dd168224f0cdee9acbb6672235873
- SHA1
  
  ec2752f36ba84ccac2584774b5fb120585c3863c
- SHA256
  
  c5c262746be953a1731d5682c808ca401d4509446cf409b544c2b5524cce2e69
- SHA512
  
  3f420de65287e3164430755eac595e14dd4b381ffd6c5b7dc9cc1eb28360fe2d53f1998fb3bc26f53158c8426dbb8feda0385c7826299b8c5dee58018cc8d15b
Score

10^/10

xloader gv6d loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2