xloader

General

Target

PO Document.exe
Size

323KB
Sample

211103-qz9dnsdhf4
MD5

1ec1e11ac3014b8dd331b3d08972f21b
SHA1

07c546a6a311835c712d9404be182daef56611ab
SHA256

afcf4012f8671a224c6856e0d968b7f7de88d7d96f0caddc97cd0f985694e530
SHA512

62ae0a5018493d84dd9605a71b25a7bc0b01462280655e4faa4918cd1765dd24de42e64aa9c1f48ce021a05a314dfc9e3b9ceccd7222b1c17c663d4ade3b4d42

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u9xn

C2

http://www.crisisinterventionadvocates.com/u9xn/

Decoy

lifeguardingcoursenearme.com

bolsaspapelcdmx.com

parsleypkllqu.xyz

68134.online

shopthatlookboutique.com

canlibahisportal.com

oligopoly.city

srchwithus.online

151motors.com

17yue.info

auntmarysnj.com

hanansalman.com

heyunshangcheng.info

doorslamersplus.com

sfcn-dng.com

highvizpeople.com

seoexpertinbangladesh.com

christinegagnonjewellery.com

artifactorie.biz

mre3.net

Targets

- Target
  
  PO Document.exe
- Size
  
  323KB
- MD5
  
  1ec1e11ac3014b8dd331b3d08972f21b
- SHA1
  
  07c546a6a311835c712d9404be182daef56611ab
- SHA256
  
  afcf4012f8671a224c6856e0d968b7f7de88d7d96f0caddc97cd0f985694e530
- SHA512
  
  62ae0a5018493d84dd9605a71b25a7bc0b01462280655e4faa4918cd1765dd24de42e64aa9c1f48ce021a05a314dfc9e3b9ceccd7222b1c17c663d4ade3b4d42
Score

10^/10

xloader u9xn loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2