xloader

General

Target

vbcexe.zip
Size

353KB
Sample

211028-x6qcpsghdl
MD5

cb40a1fbd21c85eae320e13c2353fc3f
SHA1

72cc89da90c3dfd4ab85c305a45f4315db8d63b0
SHA256

b47c5aaa56adf805663d9854835f7d781f33be5f195f9d3bcde0ae9a76ac9c81
SHA512

429fa930c6eb0d97e49751e60802bbcfc95b044c5cea0a5e455cad7430dcdb783eb943bef5d4ee829bb451dc2e742a8f7dca6912a919887251325c5a155b8eb4

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mwev

C2

http://www.scion-go-getter.com/mwev/

Decoy

9linefarms.com

meadow-spring.com

texascountrycharts.com

chinatowndeliver.com

grindsword.com

thegurusigavebirthto.com

rip-online.com

lm-safe-keepingtoyof6.xyz

plumbtechconsulting.com

jgoerlach.com

inbloomsolutions.com

foxandmew.com

tikomobile.store

waybunch.com

thepatriottutor.com

qask.top

pharmacylinked.com

ishii-miona.com

sugarandrocks.com

anabolenpower.net

Targets

- Target
  
  92206b9fa1251b589ab6d14b4828cafe0ec9d9b44df469602b7d3d1ed16ae0e8.bin
- Size
  
  414KB
- MD5
  
  ff1c94584214d5eef525a0d3ff196a8b
- SHA1
  
  64841f419c3d8bff98b1ada134ecb8d63be07ec4
- SHA256
  
  92206b9fa1251b589ab6d14b4828cafe0ec9d9b44df469602b7d3d1ed16ae0e8
- SHA512
  
  9070de7cca07bde86414050f16a73f51c8573e07dca0e8cbac09c870d6f902890d1282dc6f9b1702feb059ad96938ca05dc466bd2004b2c2f670e60ad32f6daa
Score

10^/10

xloader mwev loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2