xloader

General

Target

notification@dhl.com,pdf.exe
Size

64KB
Sample

211022-trclhsbgh8
MD5

81a206a5a263321b91e2714830fb07f8
SHA1

56163d7bdda557962d9f769f06378d61994585be
SHA256

dd4af1effdd1081fccbd05d035c4dfac3b992a358e2a6a6140095d0385ca7f5e
SHA512

f02470a59bc087d01174bbc61109b5d8b70e8ff2bb70d1724c432802583503920d6468d602e934302ae512596f352046a0a06701b41fd83700b824637ab3e1bc

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

g8ne

C2

http://www.melindair.xyz/g8ne/

Decoy

freesiacreations.com

ecopolymer.group

ahb9.com

ramapuramholdings.com

urban-gourmets.com

8xaocu.xyz

lancasteremerald.com

aktau.group

thebeachseekers.com

ki5rod.com

nmsships.com

dppu56.com

hairwegoca.net

aratakablogz.com

staunchgomkdt.xyz

leslaw.us

restaurantperladelmare.com

martensakcio.com

motherssecret.store

deersolutionsfranchising.com

Targets

- Target
  
  notification@dhl.com,pdf.exe
- Size
  
  64KB
- MD5
  
  81a206a5a263321b91e2714830fb07f8
- SHA1
  
  56163d7bdda557962d9f769f06378d61994585be
- SHA256
  
  dd4af1effdd1081fccbd05d035c4dfac3b992a358e2a6a6140095d0385ca7f5e
- SHA512
  
  f02470a59bc087d01174bbc61109b5d8b70e8ff2bb70d1724c432802583503920d6468d602e934302ae512596f352046a0a06701b41fd83700b824637ab3e1bc
Score

10^/10

xloader g8ne loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2