xloader

General

Target

NEW ORDER_PO88224.PDF.iso
Size

620KB
Sample

210924-gcw1dsfhf9
MD5

8d62f8617a036d204233bbb5ecea97c9
SHA1

db52a6bd445632380d89cae87ca3c37347546541
SHA256

d31545790be2903d071f2355c74a10a0f250c7dd5f43dd48042cff8579f40a43
SHA512

16b832c62285e07db8ebffbe79d1694ea89fcacf1c33165fff25586adb965bff6eaed2305426e6e600aaa8e8311fdeb162b28625b54bdc660e12c7a3c13fa178

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ny9y

C2

http://www.caddomain.com/ny9y/

Decoy

prelovedboutiqe.com

zhantool.com

grypeguidgorge.com

aa6588.com

privateerspacecompany.space

phil-goodman.com

jckabogados.com

familybeautifull.com

probinns.com

angelika-fritz.online

mygeeb.com

481344.com

freesoft.pro

extracter.store

fasxpay.com

hnjxcd.com

wfot2002.com

worldexecutor.com

tongxintachangjia.com

zachtippit.com

Targets

- Target
  
  NEW ORDER_PO88224.PDF.exe
- Size
  
  559KB
- MD5
  
  91395b2b8907c3d08e2d6b4da9931a9c
- SHA1
  
  801c292d0673c8ec990fa9dab1ebaae122dbc552
- SHA256
  
  387508d9f7c0d79b09bde31b037d1c43ceb1ce799a0cc94a77a20226477b47f7
- SHA512
  
  0d95e0a195c1707c37cfecbe9d241f80935f25f1c8073eaa510c3ddd95c3deecd2e85f9ca5bb9387238935c78b29f164261da22e933aa2d65ccde1c7b3ea89eb
Score

10^/10

xloader ny9y loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2