xloader

General

Target

PO410.IMG
Size

1.2MB
Sample

211101-xqe7ssaea3
MD5

1da283f8588a038751bda25c71057399
SHA1

696ec148ee69fb8b5082081841e9ca4e9c984bac
SHA256

31771fa690e548c84e02a3fafcd518ab4d0e240d2f280279417002d8a25c7136
SHA512

b2fcccd654d51e9fc50dafefe6d00218ba2187a4f455eb00f29c3de1f06a8aa76ad887c20d82651d02d54e557994d6f4d8ff34e9fec17f34f91dc700c97eaa84

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hpin

C2

http://www.smgraphicdesign.com/hpin/

Decoy

lalashealingplace.com

melaniealdridgephotography.com

ss3369.com

career-bliss.com

handelbabu.quest

larryhover.com

xyz-vr.xyz

telvicedemo.net

aaakk95.com

follow-er.com

thepiwarrior.com

dgltqd.com

dailyswee.com

tonymoney.net

earthsidesoulalchemist.com

meditatieleeuwarden.online

blancorealtor.com

xn--erhardlohmller-psb.gmbh

coachtobetter.info

singpost.agency

Targets

- Target
  
  PO410.EXE
- Size
  
  510KB
- MD5
  
  ad7186322cdd40e2b1b1611e483f7f3d
- SHA1
  
  6d21feb43f067ed236788e66c15e7dd0fe80de89
- SHA256
  
  daeedbdae991fad156f54e821b3bb18763922f0cff3b7331e23ae6bce40a4cc4
- SHA512
  
  b753101e66b98d6e99318ba958c5accc2dfb98b485d0176cd0d5665149bf732222d6082af4a9bba6f2a3b33d9f97b75fec0300419fe4a7373aac98ec800541fc
Score

10^/10

xloader hpin loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2