xloader

General

Target

1ZA109T4043832978.html
Size

964KB
Sample

210929-rfrj7afcbq
MD5

110d30a1d7b3e9db16ee8a1b26809973
SHA1

3ce7f7238d5be83f9271d81d3d4e39427b232de4
SHA256

9755c765d48923802c2e5824522c2e25a0bfaece419061d6e223e7f74a067d18
SHA512

d90ac13381a6c5e8c8a5e1b66dc63e1ec9f90ba2715d82ac3fe8651d59a88b9d142c63d8dd16274f449fd6f6b396fa976ec4470c1d4dd3f773c14bc9a2a2b869

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

tr7h

C2

http://www.globalinterchangellc.com/tr7h/

Decoy

hnhstudios.com

du-lang.com

lonestartradeoilllc.com

criptool.online

rebus-automotive.com

boxedwallconsepts.net

helixarray.com

jinqiaodianfen.com

goldenwaxi.com

comprarloterianacional.com

digebitdigital.com

cryptoupp.com

332151.com

bousui.club

redakassoumeh.com

giantinosglobalreachstore.com

resultsnft.com

papicolar.com

juvesti.com

tax-kaikei.com

Targets

- Target
  
  1ZA109T4043832978.html
- Size
  
  964KB
- MD5
  
  110d30a1d7b3e9db16ee8a1b26809973
- SHA1
  
  3ce7f7238d5be83f9271d81d3d4e39427b232de4
- SHA256
  
  9755c765d48923802c2e5824522c2e25a0bfaece419061d6e223e7f74a067d18
- SHA512
  
  d90ac13381a6c5e8c8a5e1b66dc63e1ec9f90ba2715d82ac3fe8651d59a88b9d142c63d8dd16274f449fd6f6b396fa976ec4470c1d4dd3f773c14bc9a2a2b869
Score

10^/10

xloader tr7h loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2