xloader

General

Target

bb395896ba43c73d81fa70140ce69ee6.exe
Size

250KB
Sample

211031-kh3a5sfgd6
MD5

bb395896ba43c73d81fa70140ce69ee6
SHA1

4fd5f9d1cb716f7259fa8ff61fb8dc6ba0b34f64
SHA256

c3327a302a265c4327ebe46e508cf30c5be39966bdd95cd286f56d93d22e80c3
SHA512

69cda7491e7d68988b1997fa5defaf5577d2f4acaf91f696a43678b1fbc00c0784cce55ccc171ed97bccbcbc10ce88833150885399a1bca4105b28633ab78afe

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ahdu

C2

http://www.casinoregio.com/ahdu/

Decoy

premiumfreebie.com

spintheblackestcircles.com

okaidoku-shop.net

zonaseguradregistropremios.com

wzocflfow.com

maanyah.com

warrioredjuan.com

uniquelypizza.com

wondertreehr.com

ddriiverzautozs.com

mattenterline.com

urenium.com

salonjedibreakthrough.com

imgkurd.com

pierrejacqueslyon.com

quimicasurandina.com

jkpfukgmt.icu

ansariclinic.com

ashleysema.design

arkadiafoliage.com

Targets

- Target
  
  bb395896ba43c73d81fa70140ce69ee6.exe
- Size
  
  250KB
- MD5
  
  bb395896ba43c73d81fa70140ce69ee6
- SHA1
  
  4fd5f9d1cb716f7259fa8ff61fb8dc6ba0b34f64
- SHA256
  
  c3327a302a265c4327ebe46e508cf30c5be39966bdd95cd286f56d93d22e80c3
- SHA512
  
  69cda7491e7d68988b1997fa5defaf5577d2f4acaf91f696a43678b1fbc00c0784cce55ccc171ed97bccbcbc10ce88833150885399a1bca4105b28633ab78afe
Score

10^/10

xloader ahdu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2