xloader

General

Target

Lista de ordenes de compra.zip
Size

432KB
Sample

211001-wtrvbschf6
MD5

a4959d9307b6a97028f6b1a3e1465979
SHA1

864685bf0691108bf7c2889bb095ebd59acce27e
SHA256

220dc663c17238697d89921dd9aca193b52bf21c0e0bf0f9721292de91f5a053
SHA512

06adae543f0608b3c9d1e53cdb9e57cba52db0f1168da39e1c7447a320c995cb59b1916dc4b543c5a5c0f3b4c5cec11355a8e61c97eb7c0f7773ac2e079f4f75

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pvxz

C2

http://www.finetipster.com/pvxz/

Decoy

imt-token.club

abravewayocen.online

shcloudcar.com

mshoppingworld.online

ncgf08.xyz

stuinfo.xyz

wesavetheplanetofficial.com

tourbox.xyz

believeinyourselftraining.com

jsboyat.com

aaeconomy.info

9etmorea.info

purosepeti7.com

goticketly.com

pinkmemorypt.com

mylifewellnesscentre.com

iridina.online

petrestore.online

neema.xyz

novelfooditalia.com

Targets

- Target
  
  Lista de ordenes de compra.exe
- Size
  
  884KB
- MD5
  
  be586dde04b842854d2ff3a12488306c
- SHA1
  
  6e347940762a46884f97a22efbea203cd231325f
- SHA256
  
  f79690a1d55d2a07ff407ca6a7e74dfc8097d9c63d6fa59adc2e03c73d39290b
- SHA512
  
  30d36c0b8a0c938a25a75553269183c7d44376b5f7e62cd8a2fc04b1a3c327b8b664a7e5781f05e0e3442dd1a2f5b4254507b6b61ff0396db72e1f0690b526b5
Score

10^/10

xloader pvxz loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2