xloader

General

Target

E20210917ML-RFQ.arj
Size

450KB
Sample

210927-xr3dqahha9
MD5

62354d340ff801e6487a011c6fba304f
SHA1

471994656dfddc25f14e5965d74dcd3cd11c877b
SHA256

2dcb33954614d11cded983267f1e67bab73b383f846170e34f54bb745b05b995
SHA512

11d06ccde17dc9e6e0e8e7d23576e60940e27d3b68f85448e76342a7874b1941ce6a5ab1cb0fe19e1bc1c5961e7c91033f373b1a281e9ae6e45e2434bbd8faa2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

a6er

C2

http://www.revivalgomghw.xyz/a6er/

Decoy

floetic.club

deepspotters.com

tibo-dev.tech

kcmade.xyz

haulseattle.com

ceroli-dolci.com

chenkaichuangke.com

citycloudconsulting.online

rusunmedical.com

ingeborg-art.com

asianm.art

private-clicks.com

metalcorpperu.com

beautifulingodseyes.com

phutungxenangnguoi.com

shots-photo.com

wirlessjuicers.com

sadyrossiiural.com

jiho9jye.xyz

molilii.com

Targets

- Target
  
  E20210917ML-RFQ.exe
- Size
  
  631KB
- MD5
  
  4bb97838f22e7d33122a38105b252b9e
- SHA1
  
  770a4807a1e32a8fbb765e3540d54c30bdd5c131
- SHA256
  
  c507c6ca8c3d71feb2af8d83136736bd2407fef4a26c9e681426be5501d4742c
- SHA512
  
  fd23aa8b75501d5a09fcb6c8c4ac2bc7406e0a73a7dc0215b3a1de8a4a31a418bee21fc750335c9de4652e62a7a9a4a409bf110d9a1bc49df9318ab38ba08cb5
Score

10^/10

xloader a6er loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2