xloader

General

Target

ZT2468.exe
Size

288KB
Sample

211104-qf33jsgff2
MD5

fab8e59e983d01fc0693c15309576f7a
SHA1

7237e7d63f241d7785e638edf05a71064574659c
SHA256

272447b597810afe392f24b2fbcab08cd76224f54251e009742ed350595fe54d
SHA512

0eb51bc407abb70cabe32081b9e073505a761048e399a69a7857775974454b29d7fe46f46b12296f58e33e0feca5488adf399979b7ff9ead9e1e3ea24cd75120

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u5eh

C2

http://www.retonamoss.com/u5eh/

Decoy

tryafaq.com

bobcathntshop.com

oglead.com

026skz.xyz

brasbux.com

adna17.com

noveltyrofjiy.xyz

realestatecompanys.com

leman-web.com

df5686.com

jonathonhawkins.com

juliedominyfloralartistry.com

classyeventsco.com

aquaticatt.com

iotworld.xyz

hoc8.com

disposablediapers.store

peregovorim.online

advancebits.club

getaburialplan.com

Targets

- Target
  
  ZT2468.exe
- Size
  
  288KB
- MD5
  
  fab8e59e983d01fc0693c15309576f7a
- SHA1
  
  7237e7d63f241d7785e638edf05a71064574659c
- SHA256
  
  272447b597810afe392f24b2fbcab08cd76224f54251e009742ed350595fe54d
- SHA512
  
  0eb51bc407abb70cabe32081b9e073505a761048e399a69a7857775974454b29d7fe46f46b12296f58e33e0feca5488adf399979b7ff9ead9e1e3ea24cd75120
Score

10^/10

xloader u5eh loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2