xloader

General

Target

ArD5nO3F91myqTV.exe
Size

565KB
Sample

211029-mchqnadah7
MD5

6dfcb41ce4cc51a4c8ea418960b45c0b
SHA1

898c4721b6e4593cbe0b88dbde8c152bc8a87a55
SHA256

9ab16c3b0caf257f8652d17d642c53cf2e8056f38f32f091fa23d6acfa4d5b8a
SHA512

18b925e7e5a5cc02fe300529414edcd6449747e3c591989db18b9f958c7283b68467fa2eadcf0028babf27ecd7672f5d98cd6db75f2ed54b5970f858d6a147cd

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

k8u7

C2

http://www.ardisadr.online/k8u7/

Decoy

ly3389.com

biggergrip.com

guitarbadon.net

zbjiachuang.com

maaratechnology.com

perdiemsuites.com

israel-grahamcoates.com

blackbirdfarmette.com

klhobbies.com

locdinzone.com

bestinvest-4-you.com

howtofindbantingbalance.com

kairoslabs.online

hteaz.com

banjjakdesign.com

reworkgear.com

oklahomaexcavation.com

tenloe051.xyz

blockchainpress.info

panchotrucking.com

Targets

- Target
  
  ArD5nO3F91myqTV.exe
- Size
  
  565KB
- MD5
  
  6dfcb41ce4cc51a4c8ea418960b45c0b
- SHA1
  
  898c4721b6e4593cbe0b88dbde8c152bc8a87a55
- SHA256
  
  9ab16c3b0caf257f8652d17d642c53cf2e8056f38f32f091fa23d6acfa4d5b8a
- SHA512
  
  18b925e7e5a5cc02fe300529414edcd6449747e3c591989db18b9f958c7283b68467fa2eadcf0028babf27ecd7672f5d98cd6db75f2ed54b5970f858d6a147cd
Score

10^/10

xloader k8u7 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2