xloader

General

Target

RFQ54488203expediere_doc202177,pdf.exe
Size

299KB
Sample

211005-q61p4shhb7
MD5

486990b975aa0c60bdbc054ae6a2b3cd
SHA1

9806f58700e62c3de83536edb99fd66aa1c01d82
SHA256

222c8a0ce49171c3bb93631e7001bb152ad05fa4ba13437a173f1d0dd9fd0a4e
SHA512

d1091d97ac39c381086424a55867eed1029879aa91174222fc94cd0f255bc4e5d877fb6b52761528fd9e08821150b4df6f8bd8bd846ade9f0e5b520cde8554a9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dhua

C2

http://www.segurosramosroman.com/dhua/

Decoy

ketostar.club

icanmakeyoufamous.com

claimygdejection.com

garlicinterestedparent.xyz

bits-clicks.com

030atk.xyz

ballwiegand.com

logs-illumidesk.com

785686.com

flnewsfeed.com

transporteshrj.net

agenciamundodigital.online

bowersllc.com

urchncenw.com

wuauwuaumx.com

littlesportsacademy.com

xn--m3chb3ax0abdta3fwhk.com

prmarketings.com

jiaozhanlianmeng.com

whenisthestore.space

Targets

- Target
  
  RFQ54488203expediere_doc202177,pdf.exe
- Size
  
  299KB
- MD5
  
  486990b975aa0c60bdbc054ae6a2b3cd
- SHA1
  
  9806f58700e62c3de83536edb99fd66aa1c01d82
- SHA256
  
  222c8a0ce49171c3bb93631e7001bb152ad05fa4ba13437a173f1d0dd9fd0a4e
- SHA512
  
  d1091d97ac39c381086424a55867eed1029879aa91174222fc94cd0f255bc4e5d877fb6b52761528fd9e08821150b4df6f8bd8bd846ade9f0e5b520cde8554a9
Score

10^/10

xloader dhua loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2