xloader

General

Target

New order 7nbm471.exe
Size

287KB
Sample

211104-s17mksghe8
MD5

799da86c201ef4652c1f8ca1ce49373f
SHA1

dec072bcf61ecccef4d330ec0fd70823994bd3b9
SHA256

253a4d6b49703d6dfbf3aeadd226ea692997edfb4bd0df7c6e97b7cffd1ef2f2
SHA512

f7cac00d671c31558de18b548fc994d4ad7bbbcd583b5a62840bb97e67f55cec429ae6ad42f0b23ac0f857b201d230ddd776a8b6757f335111707878c201b6a7

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u9xn

C2

http://www.crisisinterventionadvocates.com/u9xn/

Decoy

lifeguardingcoursenearme.com

bolsaspapelcdmx.com

parsleypkllqu.xyz

68134.online

shopthatlookboutique.com

canlibahisportal.com

oligopoly.city

srchwithus.online

151motors.com

17yue.info

auntmarysnj.com

hanansalman.com

heyunshangcheng.info

doorslamersplus.com

sfcn-dng.com

highvizpeople.com

seoexpertinbangladesh.com

christinegagnonjewellery.com

artifactorie.biz

mre3.net

Targets

- Target
  
  New order 7nbm471.exe
- Size
  
  287KB
- MD5
  
  799da86c201ef4652c1f8ca1ce49373f
- SHA1
  
  dec072bcf61ecccef4d330ec0fd70823994bd3b9
- SHA256
  
  253a4d6b49703d6dfbf3aeadd226ea692997edfb4bd0df7c6e97b7cffd1ef2f2
- SHA512
  
  f7cac00d671c31558de18b548fc994d4ad7bbbcd583b5a62840bb97e67f55cec429ae6ad42f0b23ac0f857b201d230ddd776a8b6757f335111707878c201b6a7
Score

10^/10

xloader u9xn loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2