xloader

General

Target

ORDER INQUIRY NO3534.exe
Size

743KB
Sample

211020-n7116ahac5
MD5

f20fdb6a62e4769eeaf17d24b9208258
SHA1

c2876bb0ce1383350085783bb5fe851a9b4dadf1
SHA256

48f7f3f5ae41bcfefbf47d156939829070a28140c04d7de5c613a20a3415c0e7
SHA512

51cbb0513e0d6f39dc2e6d30f940743c7b32433294aa26b1f8af7a979ba95f1f24b80b66c81fd26d327070949597901d2c8ec826b8f20ff3f99dd6d2eae5887e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e4nr

C2

http://www.sddn24.xyz/e4nr/

Decoy

goldtruckclub.com

javshrimp.com

maeskhall.quest

smartlifeblockchain.net

omychiq.com

musclegearshop.com

namicoscorp.com

ncfqxxkj.com

verifique-banca.com

usadocnetwork.com

heartsurgerygroup.com

cbt-nightmares.com

libraprint.com

wh0n16.com

pompanopaintnsip.com

7aomoquzb9.com

cedse.com

karst-shop.com

target-checkbalances.com

infowebp.com

Targets

- Target
  
  ORDER INQUIRY NO3534.exe
- Size
  
  743KB
- MD5
  
  f20fdb6a62e4769eeaf17d24b9208258
- SHA1
  
  c2876bb0ce1383350085783bb5fe851a9b4dadf1
- SHA256
  
  48f7f3f5ae41bcfefbf47d156939829070a28140c04d7de5c613a20a3415c0e7
- SHA512
  
  51cbb0513e0d6f39dc2e6d30f940743c7b32433294aa26b1f8af7a979ba95f1f24b80b66c81fd26d327070949597901d2c8ec826b8f20ff3f99dd6d2eae5887e
Score

10^/10

xloader e4nr agilenet loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2