xloader

General

Target

SOA & INV FOR OCT'21.exe
Size

426KB
Sample

211109-p73enafce5
MD5

6807709a74cde5eafc0f8c668a13be81
SHA1

460279d69c1ddd6d36ed25e7985e9e2bbad7ad65
SHA256

696ba6fed0994cac4e47993f336820499cd3faf3ce4713d4e0be0ea0d91748af
SHA512

bd75b2f3aaa316028e489eec30df49cd02ce6320ba3faebe24ac88f177434ca45638cb7118972ff86e9c16d2a44caf1cb400bcc42363fc9de7cbf96dd872f032

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u0n0

C2

http://www.52xjg3.xyz/u0n0/

Decoy

learnwithvr.net

minismi2.com

slimfitbottle.com

gzartisan.com

fullfamilyclub.com

adaptationstudios.com

domynt.com

aboydnfuid.com

dirtroaddesigns.net

timhortons-ca.xyz

gladiator-111.com

breakingza.com

njjbds.com

keithrgordon.com

litestore365.host

unichromegame.com

wundversorgung-tirol.com

wholistic-choice.com

shingletownrrn.com

kapikenya.com

Targets

- Target
  
  SOA & INV FOR OCT'21.exe
- Size
  
  426KB
- MD5
  
  6807709a74cde5eafc0f8c668a13be81
- SHA1
  
  460279d69c1ddd6d36ed25e7985e9e2bbad7ad65
- SHA256
  
  696ba6fed0994cac4e47993f336820499cd3faf3ce4713d4e0be0ea0d91748af
- SHA512
  
  bd75b2f3aaa316028e489eec30df49cd02ce6320ba3faebe24ac88f177434ca45638cb7118972ff86e9c16d2a44caf1cb400bcc42363fc9de7cbf96dd872f032
Score

10^/10

xloader u0n0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2