xloader

General

Target

d4c17fcd13114a49f294770bc4f496ff.exe
Size

535KB
Sample

211207-p476qshcfk
MD5

d4c17fcd13114a49f294770bc4f496ff
SHA1

b30ec81da45f27f6fe16cde324e4580ee434cb53
SHA256

72fa6db7a26f706a401ec08755e29dd21034f7018e784be28b42df9001c2c9c9
SHA512

f749f3506fe70e3801f9419d8f8eec43c7d60f16a9ede617cfa23c9832e7c3c820aa35ca6dc00544b1e9781f8d31f0ff4588692d7f8b51b47e0f927f2a88d789

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hf9j

C2

http://www.dubaibiologicdentist.com/hf9j/

Decoy

afrifarmgroup.com

coffeeassiciation.com

unlimit-ed.com

guy.rest

dnemperor.com

ringstorule.com

reelnasty.com

travelgleam.com

sagestyleresale.com

jiaoyizhuan.club

fastred.biz

xn--fiqs8srv0ahj5a.xn--czru2d

eden-foundation.com

exquisite-epoxy-systems.com

luxurycaroffer.com

sdffzc.com

suvsdealsonlinesearchdusorg.com

weihaits.com

fetch-us-mtg-refi.zone

uterinevmkvhm.online

Targets

- Target
  
  d4c17fcd13114a49f294770bc4f496ff.exe
- Size
  
  535KB
- MD5
  
  d4c17fcd13114a49f294770bc4f496ff
- SHA1
  
  b30ec81da45f27f6fe16cde324e4580ee434cb53
- SHA256
  
  72fa6db7a26f706a401ec08755e29dd21034f7018e784be28b42df9001c2c9c9
- SHA512
  
  f749f3506fe70e3801f9419d8f8eec43c7d60f16a9ede617cfa23c9832e7c3c820aa35ca6dc00544b1e9781f8d31f0ff4588692d7f8b51b47e0f927f2a88d789
Score

10^/10

xloader hf9j loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2