xloader

General

Target

QUOTE PRICE.exe
Size

558KB
Sample

210923-wp8maaehh5
MD5

3a35017603b428f692151484ad54ded0
SHA1

ac071c363f33e2a28aaffc77e5a34642d8246fe0
SHA256

45f5e2a682896ac3380522e26a0398b8112bafc42948666c9fecafa3dcab69e3
SHA512

6a2c113565aca37d63de00cdd59354400e901bb731d35e53a42951463662374dec5dfb83d109f059b59733abaf3c0f2057a87c22f69b2d738af37b6f19409d8d

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m6rs

C2

http://www.litediv.com/m6rs/

Decoy

globalsovereignbank.com

ktnrape.xyz

churchybulletin.com

ddyla.com

imatge.cat

iwholesalestore.com

cultivapro.club

ibcfcl.com

refurbisheddildo.com

killerinktnpasumo4.xyz

mdphotoart.com

smi-ity.com

stanprolearningcenter.com

companyintelapp.com

tacticarc.com

soolls.com

gra68.net

cedricettori.digital

mossobuy.com

way2liv.com

Targets

- Target
  
  QUOTE PRICE.exe
- Size
  
  558KB
- MD5
  
  3a35017603b428f692151484ad54ded0
- SHA1
  
  ac071c363f33e2a28aaffc77e5a34642d8246fe0
- SHA256
  
  45f5e2a682896ac3380522e26a0398b8112bafc42948666c9fecafa3dcab69e3
- SHA512
  
  6a2c113565aca37d63de00cdd59354400e901bb731d35e53a42951463662374dec5dfb83d109f059b59733abaf3c0f2057a87c22f69b2d738af37b6f19409d8d
Score

10^/10

xloader m6rs loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2