xloader

General

Target

WTH3T14PEXvO4Yn.exe
Size

556KB
Sample

211105-ambzmsaae3
MD5

d1202be1c5788f37e6a1f5d382c760ff
SHA1

f284448cf2b12e5317a4f6abeb6064e418aa4fd6
SHA256

f8d1c5af5232520c1d2a2fc161653d57f0e8f3d7ce04db204d4a2c1d646ea2cf
SHA512

e5ed94191d82ae4bd8671912205f5a63b72445b559160ee259bd7ebf546674a4d0d88d3f5f9432e1492d69dcbff87c15f142d1e3c7e20362b2e2cea49b2dac0b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pufi

C2

http://www.homestechs.com/pufi/

Decoy

fusiongroupgames.net

hugevari.com

rebeccagriffiths.com

trocaoferta.com

theslashapp.com

codezonesoftware.xyz

sottocommunications.com

minicreators.online

course2millions.com

hfm5n1dhkjqwpe.xyz

xlab-ub.com

silvanaribeirocake.com

thefabinteriordesign.com

mg-leadership.com

petbort.com

ndust.net

203040302.xyz

jakital.com

shophuunghia.info

rednacionaldejuecesrd.net

Targets

- Target
  
  WTH3T14PEXvO4Yn.exe
- Size
  
  556KB
- MD5
  
  d1202be1c5788f37e6a1f5d382c760ff
- SHA1
  
  f284448cf2b12e5317a4f6abeb6064e418aa4fd6
- SHA256
  
  f8d1c5af5232520c1d2a2fc161653d57f0e8f3d7ce04db204d4a2c1d646ea2cf
- SHA512
  
  e5ed94191d82ae4bd8671912205f5a63b72445b559160ee259bd7ebf546674a4d0d88d3f5f9432e1492d69dcbff87c15f142d1e3c7e20362b2e2cea49b2dac0b
Score

10^/10

xloader pufi loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2