xloader

General

Target

0e03abdcfc2280af3abae47683c0368a.exe
Size

421KB
Sample

211027-pq8kcaegc5
MD5

0e03abdcfc2280af3abae47683c0368a
SHA1

8b25868c70d66c3aafc37e400ca3af4d117e7bd5
SHA256

9205523ee331f11fbe9fb30fa72a45ed45ed2eb5f92b26f01b9e26774264e9d5
SHA512

54affd451f4ff96c85d770c9c65587732f53c6d4a17355e54f6fc2eacfe4584bb3400f7235aa8c2c83619a97b694284a33916f62b9166f137dfcc6cbfb6a1a8b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dnz9

C2

http://www.mykigey5.xyz/dnz9/

Decoy

anlefa.com

jelle.graphics

socalsandblasting.com

gamjadog.online

sabanetavirtual.com

serv-blackhawk-net.com

at-markant.com

carbonfiber.cloud

nftmarketfree.com

abcfortis.xyz

44a44.net

alardellyux.com

alle-notdienste.com

dazzletower.com

rsphongrui.com

leasedrillrig.store

cabinetfuid.com

divinelawn.com

baileysepictravel.com

healthwellness.store

Targets

- Target
  
  0e03abdcfc2280af3abae47683c0368a.exe
- Size
  
  421KB
- MD5
  
  0e03abdcfc2280af3abae47683c0368a
- SHA1
  
  8b25868c70d66c3aafc37e400ca3af4d117e7bd5
- SHA256
  
  9205523ee331f11fbe9fb30fa72a45ed45ed2eb5f92b26f01b9e26774264e9d5
- SHA512
  
  54affd451f4ff96c85d770c9c65587732f53c6d4a17355e54f6fc2eacfe4584bb3400f7235aa8c2c83619a97b694284a33916f62b9166f137dfcc6cbfb6a1a8b
Score

10^/10

xloader dnz9 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2