xloader

General

Target

PO4103.IMG
Size

1.2MB
Sample

211026-ftz8pshfhp
MD5

d4902c09c61bae9aaeb3123bb515995a
SHA1

b9cfdbd568ac0445781cf7475817ff82643e30f6
SHA256

bc0cfddb638f70b61c2f4c788f6a7f0929a7056c999c2a5722e7aff35cdaae81
SHA512

6592f8be8ff06addca02599563070de7096bc5426c8cab06b0e984331919d949e5e4aee48e2a9065537bc87293d5ca32ca116ec12c714d2372a149c75411c364

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hpin

C2

http://www.smgraphicdesign.com/hpin/

Decoy

lalashealingplace.com

melaniealdridgephotography.com

ss3369.com

career-bliss.com

handelbabu.quest

larryhover.com

xyz-vr.xyz

telvicedemo.net

aaakk95.com

follow-er.com

thepiwarrior.com

dgltqd.com

dailyswee.com

tonymoney.net

earthsidesoulalchemist.com

meditatieleeuwarden.online

blancorealtor.com

xn--erhardlohmller-psb.gmbh

coachtobetter.info

singpost.agency

Targets

- Target
  
  PO4103.EXE
- Size
  
  323KB
- MD5
  
  525a51d150340de3d796982e812fae03
- SHA1
  
  d6a2f004ab7380a03c384363a2b6d11a2cba9252
- SHA256
  
  7e84244d68162f8dc6c05011200a2b13aa73ed3c0e922e075cdf1ee2e7047e27
- SHA512
  
  40798f75d608f18b697238292f69f09b82991cffc856feeac7174d86a0949368862144f7d2f5bae94ac8901e567a01d9aa64181032d0e94dc12c46c687a50a33
Score

10^/10

xloader hpin loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2