xloader

General

Target

F002_210.EXE
Size

444KB
Sample

211111-c9aq7safc4
MD5

574303294a25d3561a99399fdeacebf1
SHA1

ece6578330b7588a294b003cacde71bc788d9e20
SHA256

bbcacfd07ae8c0375c2853782025ef17c32177f78c83e367197e35d2de69826f
SHA512

1abf04c2cb8c15013e2c7086fddb458aafc412c8fdee8ff0094c278657200069d02e82fd9c0fc564ba2c7ddfe815e4c0725a2644fe94704691ba40cb71bc9067

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u0n0

C2

http://www.52xjg3.xyz/u0n0/

Decoy

learnwithvr.net

minismi2.com

slimfitbottle.com

gzartisan.com

fullfamilyclub.com

adaptationstudios.com

domynt.com

aboydnfuid.com

dirtroaddesigns.net

timhortons-ca.xyz

gladiator-111.com

breakingza.com

njjbds.com

keithrgordon.com

litestore365.host

unichromegame.com

wundversorgung-tirol.com

wholistic-choice.com

shingletownrrn.com

kapikenya.com

Targets

- Target
  
  F002_210.EXE
- Size
  
  444KB
- MD5
  
  574303294a25d3561a99399fdeacebf1
- SHA1
  
  ece6578330b7588a294b003cacde71bc788d9e20
- SHA256
  
  bbcacfd07ae8c0375c2853782025ef17c32177f78c83e367197e35d2de69826f
- SHA512
  
  1abf04c2cb8c15013e2c7086fddb458aafc412c8fdee8ff0094c278657200069d02e82fd9c0fc564ba2c7ddfe815e4c0725a2644fe94704691ba40cb71bc9067
Score

10^/10

xloader u0n0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2