xloader

General

Target

SecuriteInfo.com.Trojan.Siggen15.34595.31963.19163
Size

528KB
Sample

211104-l4hpasddcn
MD5

2b5dc0ab0d788a63f4a09f80c2de0799
SHA1

25d10abffaa19611b1376d8e3bd1a541fdc6afed
SHA256

8f06ef3fb5b077f1d8c9b9ff9ac36a5d019c8c829fc7374dbf03a407793ca29f
SHA512

7456bb3e5bee9626d7fa285c0112eb764327678f3f451b640d1f0de4fac46e6c0a0a8cf3f893a56ef5037fea8d8f4c78e85a0132edfca4a22b7e399705386311

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pufi

C2

http://www.homestechs.com/pufi/

Decoy

fusiongroupgames.net

hugevari.com

rebeccagriffiths.com

trocaoferta.com

theslashapp.com

codezonesoftware.xyz

sottocommunications.com

minicreators.online

course2millions.com

hfm5n1dhkjqwpe.xyz

xlab-ub.com

silvanaribeirocake.com

thefabinteriordesign.com

mg-leadership.com

petbort.com

ndust.net

203040302.xyz

jakital.com

shophuunghia.info

rednacionaldejuecesrd.net

Targets

- Target
  
  SecuriteInfo.com.Trojan.Siggen15.34595.31963.19163
- Size
  
  528KB
- MD5
  
  2b5dc0ab0d788a63f4a09f80c2de0799
- SHA1
  
  25d10abffaa19611b1376d8e3bd1a541fdc6afed
- SHA256
  
  8f06ef3fb5b077f1d8c9b9ff9ac36a5d019c8c829fc7374dbf03a407793ca29f
- SHA512
  
  7456bb3e5bee9626d7fa285c0112eb764327678f3f451b640d1f0de4fac46e6c0a0a8cf3f893a56ef5037fea8d8f4c78e85a0132edfca4a22b7e399705386311
Score

10^/10

xloader pufi loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2