xloader

General

Target

DN_467842234567.exe
Size

253KB
Sample

210927-q4n9ashba9
MD5

c16013ea29f9dd1525dcb65c2184784e
SHA1

5afd533f29573050734e428f9f8c9ba08c79546a
SHA256

df05d916a02c09e1dba0df0841f93697e407a334ce8d2371dfe8befd909d8a43
SHA512

87c9e01aac687d2c675cb281592c930ce7bfefebc4eecde4135834bf896265d0238f9afc98726214fc30ef19c2528740aadf12df00e7cb44c469e56d5e9eefca

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

r95e

C2

http://www.bofight.store/r95e/

Decoy

mindyourbusinesscoin.com

melandri.club

13011196.com

bespinpoker.com

ohchainpodklo.xyz

paolacapitanio.com

hnczppjs.com

healthygold-carefit.club

drive16pay.art

5foldmastermind.com

especialistasorteios.online

cjcveterotqze.com

originaldigitalspaces.com

21lawsofconfidence.com

uscryptomininglaws.com

nilist.xyz

bergstromgreenholt.icu

dumbasslures.com

companieus.com

2gtfy0.com

Targets

- Target
  
  DN_467842234567.exe
- Size
  
  253KB
- MD5
  
  c16013ea29f9dd1525dcb65c2184784e
- SHA1
  
  5afd533f29573050734e428f9f8c9ba08c79546a
- SHA256
  
  df05d916a02c09e1dba0df0841f93697e407a334ce8d2371dfe8befd909d8a43
- SHA512
  
  87c9e01aac687d2c675cb281592c930ce7bfefebc4eecde4135834bf896265d0238f9afc98726214fc30ef19c2528740aadf12df00e7cb44c469e56d5e9eefca
Score

10^/10

xloader r95e loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2