xloader

General

Target

e2827700e9676ad0d4b734d5f4a221b3
Size

685KB
Sample

211022-sfljlsbge7
MD5

e2827700e9676ad0d4b734d5f4a221b3
SHA1

2997b29050c7e44072f886705cbd4be6a3edda97
SHA256

a8ea6b5e7721a2d508d362f9e75fc38fe3b845375c358829ef0604cc2345aa13
SHA512

d16e61c88eb9c32fd1c74b4893fb08092bbca5ae17f4275eecd7bc2352dad0904e4dc603be4747e0a9460507187e2bad78a51ffc055cb9b2b7baebff550abbd2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

k8u7

C2

http://www.ardisadr.online/k8u7/

Decoy

ly3389.com

biggergrip.com

guitarbadon.net

zbjiachuang.com

maaratechnology.com

perdiemsuites.com

israel-grahamcoates.com

blackbirdfarmette.com

klhobbies.com

locdinzone.com

bestinvest-4-you.com

howtofindbantingbalance.com

kairoslabs.online

hteaz.com

banjjakdesign.com

reworkgear.com

oklahomaexcavation.com

tenloe051.xyz

blockchainpress.info

panchotrucking.com

Targets

- Target
  
  e2827700e9676ad0d4b734d5f4a221b3
- Size
  
  685KB
- MD5
  
  e2827700e9676ad0d4b734d5f4a221b3
- SHA1
  
  2997b29050c7e44072f886705cbd4be6a3edda97
- SHA256
  
  a8ea6b5e7721a2d508d362f9e75fc38fe3b845375c358829ef0604cc2345aa13
- SHA512
  
  d16e61c88eb9c32fd1c74b4893fb08092bbca5ae17f4275eecd7bc2352dad0904e4dc603be4747e0a9460507187e2bad78a51ffc055cb9b2b7baebff550abbd2
Score

10^/10

xloader k8u7 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2