xloader

General

Target

Invoice & Packing list.r15
Size

400KB
Sample

210928-l8kdpabee5
MD5

8fa13ba8c6d0f9f43eb25cb519e55514
SHA1

b2c8a5c93add1fd9841244e5cb36d0a92b8a86b5
SHA256

cf85c3511dcb11fc479d7daa47a350a298f69df7fabdf6238b6e6e95a324abdc
SHA512

6f4724b333acc3faaad38e456a54f29cb81465c17a73e19ef8b0b538f5279bf10a2196d4aa551e9b5542cb4635cd9050aba5080248cd1a4cb865d0479c0e524b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

jdt0

C2

http://www.jen4x.com/jdt0/

Decoy

william188.com

kmknim.com

freedomnofear.com

industrialohare.com

devopswave.com

g1fz.com

aliceguidi.info

linkared.com

crossboda.com

lpddr3.com

ktnword.xyz

productsdesign.top

dulichnhatviet.com

piazzaassociates.com

inpude.com

kmi.contractors

getkyrobak.com

sportinggoodssuperstore.com

trifoly.info

aspectjudge.com

Targets

- Target
  
  apmPuZR9VEFCl0d.exe
- Size
  
  417KB
- MD5
  
  675b5a620f66d0abbd3940ef365ee298
- SHA1
  
  7baa86b11256ad89b51decfa1fab8fa8d192ff78
- SHA256
  
  d2c3619f62ee7f09594134678d02e47d6a0b71a5e203f3edae6a9f5dbecb4f48
- SHA512
  
  ceef3ab4249ae9e2567dc2d349dc22f1cb190d7b908c4f6869c8f81da30df76c9504fa98d8521914a797355f4a1127c50bf19e89441f46c85036b9baa5c7110a
Score

10^/10

xloader jdt0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2