xloader

General

Target

c6def7e067895d7c6f4b0f78270b9e2c.exe
Size

281KB
Sample

211102-nevnnscde7
MD5

c6def7e067895d7c6f4b0f78270b9e2c
SHA1

0fbbcbce3002c8d0d69a7dc6c2666900b57fc54d
SHA256

d78094f3b6eac87e2d4249671bdc4e044afb31e2e78aac8f2db7186c6d5b6db1
SHA512

62536f5855f785d5b426a4e95c58fae7fe3903b85f5a256c60921757125638f03c22bd099fc0035ef2c1ca0a848e46e5b31a7865de147e6da532510a15d7dc7d

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

kqna

C2

http://www.surfsolutions.info/kqna/

Decoy

achyutlifesciences.com

anthemmg.com

netkopat.com

generationgirlnaturals.com

novatel-network.com

craftstockco.com

thevishantiverse.art

elkerfly.com

haerotechs.com

candypalette.com

gregdokes.com

e-commerce.company

gratitudeland.com

companyintelcloud.com

publicyazilim.com

xc6811.com

aracsozluk.com

janesgalant.quest

fraserstephendop.com

ryan.rentals

Targets

- Target
  
  c6def7e067895d7c6f4b0f78270b9e2c.exe
- Size
  
  281KB
- MD5
  
  c6def7e067895d7c6f4b0f78270b9e2c
- SHA1
  
  0fbbcbce3002c8d0d69a7dc6c2666900b57fc54d
- SHA256
  
  d78094f3b6eac87e2d4249671bdc4e044afb31e2e78aac8f2db7186c6d5b6db1
- SHA512
  
  62536f5855f785d5b426a4e95c58fae7fe3903b85f5a256c60921757125638f03c22bd099fc0035ef2c1ca0a848e46e5b31a7865de147e6da532510a15d7dc7d
Score

10^/10

xloader kqna loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2