xloader

General

Target

299d8629d8233d33035dbefb2b754adf.exe
Size

311KB
Sample

211207-p4mj2ahcej
MD5

299d8629d8233d33035dbefb2b754adf
SHA1

47ea18659001494aa5f39a58cbb355d8b8da463d
SHA256

a2430f629b428996d1c3b6a62e9f5c0a85f02a4eb0b1dcbd0090ed44daee2525
SHA512

68a55921b08da3c595801f5e5cc46425e2cbbff2b674e960294246d5233d5515a1c1a803b02f26beb288065642608bc77f62801acfe886666d96301b4e86994d

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ecaq

C2

http://www.lesventsfavorables.com/ecaq/

Decoy

hanshao886837.com

darknessinwhite.com

hermetiktipkombi.com

donalsupplies.xyz

fyourscript.com

emotionfocusedapproaches.com

companyinteldata.com

msiscripting.com

masu-masu-hitomi.com

melbourneweddingofficiant.com

trendyhunterr.com

clawfootdesigns.com

mrwhiskysteve.com

enkaguclendirme.com

ceuta-inversiones.com

gzz06j.cloud

tanahvilamalino.online

click-explore.com

quanqiu22222.com

m4ob.com

Targets

- Target
  
  299d8629d8233d33035dbefb2b754adf.exe
- Size
  
  311KB
- MD5
  
  299d8629d8233d33035dbefb2b754adf
- SHA1
  
  47ea18659001494aa5f39a58cbb355d8b8da463d
- SHA256
  
  a2430f629b428996d1c3b6a62e9f5c0a85f02a4eb0b1dcbd0090ed44daee2525
- SHA512
  
  68a55921b08da3c595801f5e5cc46425e2cbbff2b674e960294246d5233d5515a1c1a803b02f26beb288065642608bc77f62801acfe886666d96301b4e86994d
Score

10^/10

xloader ecaq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2