xloader

General

Target

e8093e6a8950b5a7558a603be6ab6ccc.exe
Size

1.0MB
Sample

211207-pyg3cscae7
MD5

e8093e6a8950b5a7558a603be6ab6ccc
SHA1

ace0206e65b480cff6802ee7439cf020c9048283
SHA256

a8026cedc6f508f5fb982c7bd33732418e056de7c82a3633f7f5bd68c6bace9d
SHA512

ee961d42b84eaa424303080fa6ea48b05c220e86eba0acc8ac80802ec9058e51029ef6f7e9a8e212ab544092d606706b9206537207dae627dfd9dc890bd0d3bf

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sb6n

C2

http://www.best5amazon.com/sb6n/

Decoy

bogosamba.com

inmobiliariapuertalavilla.com

nopressurewellness.com

hairshopamity.com

epicmoments360.com

tutorgpa.com

fucibou.xyz

135631.com

portraydashcam.com

raqsarabia.com

okantis.net

vongquaykimcuongfreefire.online

prodom.online

5537sbishop.info

lisakenneyinc.com

fivetime.xyz

borzv.com

joungla.com

mas-urbano.com

sjczyw.com

Targets

- Target
  
  e8093e6a8950b5a7558a603be6ab6ccc.exe
- Size
  
  1.0MB
- MD5
  
  e8093e6a8950b5a7558a603be6ab6ccc
- SHA1
  
  ace0206e65b480cff6802ee7439cf020c9048283
- SHA256
  
  a8026cedc6f508f5fb982c7bd33732418e056de7c82a3633f7f5bd68c6bace9d
- SHA512
  
  ee961d42b84eaa424303080fa6ea48b05c220e86eba0acc8ac80802ec9058e51029ef6f7e9a8e212ab544092d606706b9206537207dae627dfd9dc890bd0d3bf
Score

10^/10

xloader sb6n loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2