xloader

General

Target

tmp/a3339059-12f1-4e1d-aa46-b3ec1662c596_vbc.exe
Size

457KB
Sample

211218-fm17esfcdj
MD5

e4133afba26efde5b01959df65c3eeb4
SHA1

ea2b48d0f50918e47b4657fd5774c2766c640f0a
SHA256

b30e2fa345e02eecf58f3672cab4f07b4c6f84712c7dee9a64ca3005ac7bf255
SHA512

563b0a1c9663c7c8a768ca6a50e8a27aa775a15282bf9dc00dc03d24ce8114a4c521d250e8ca49dea05549b791806dcd91bb856f8aa725155b2d52c19f7392ba

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com

Targets

- Target
  
  tmp/a3339059-12f1-4e1d-aa46-b3ec1662c596_vbc.exe
- Size
  
  457KB
- MD5
  
  e4133afba26efde5b01959df65c3eeb4
- SHA1
  
  ea2b48d0f50918e47b4657fd5774c2766c640f0a
- SHA256
  
  b30e2fa345e02eecf58f3672cab4f07b4c6f84712c7dee9a64ca3005ac7bf255
- SHA512
  
  563b0a1c9663c7c8a768ca6a50e8a27aa775a15282bf9dc00dc03d24ce8114a4c521d250e8ca49dea05549b791806dcd91bb856f8aa725155b2d52c19f7392ba
Score

10^/10

xloader fqiq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2