xloader

General

Target

shipping docs 9100.zip
Size

418KB
Sample

210928-m6c29sbff2
MD5

05a9c8d25ef7a95f63f51e7aa64c42e2
SHA1

1d1e947fdf93d953ed29ade020f38212f48b233f
SHA256

510ee124baffe454ca3bdae1af80044b7bd469ceed767cb6108df0f2a8494209
SHA512

68443859764ac971308c45b6ed141760c2e11351977a4c5b13b53d6411d4405ebab56ba4086e1eb0d236fc12036d9aaae84a9522fd799b2a431cba611f06d442

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

jdt0

C2

http://www.jen4x.com/jdt0/

Decoy

william188.com

kmknim.com

freedomnofear.com

industrialohare.com

devopswave.com

g1fz.com

aliceguidi.info

linkared.com

crossboda.com

lpddr3.com

ktnword.xyz

productsdesign.top

dulichnhatviet.com

piazzaassociates.com

inpude.com

kmi.contractors

getkyrobak.com

sportinggoodssuperstore.com

trifoly.info

aspectjudge.com

Targets

- Target
  
  money.exe
- Size
  
  587KB
- MD5
  
  a5c5be37f0dd714ee9a45a05d602f292
- SHA1
  
  29b118c934e74613d6704ccfed26ccc053065317
- SHA256
  
  5e27b2f6ec7f0387f6c380ac26eb924fcc732601c43ed7c400c42ae82fb0de57
- SHA512
  
  fdd33b939445c0203ce720b52f704dde1d0a2af5e36093ef1fe14c5f66e7082af5f0745997820a9eaa7f8e11727d1e817e282d9b6d1b236c990fd82853cc4c45
Score

10^/10

xloader jdt0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2