xloader

General

Target

tmp/a67b2f3e-30bd-4dbe-a653-3e9540c19f99_wwwp.exe
Size

429KB
Sample

211221-fm1kwscce2
MD5

c9727c5b8745f7f82b34cee30f813d32
SHA1

b84073db9df1b5bfbfa69195df583dd578e65942
SHA256

86038d1c832f057fa49a55a5305c87ab1f7baaaa7fd3e199adefcf1e4dccc721
SHA512

a5b20863021bbf35889f8277f1e65890c614b5f5f9cae3b7554f9728a4d85b9b3176b89ee0e92157882a65e0031e6e437240399d0c1a84f1552fffed64385d80

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ef6c

Decoy

gicaredocs.com

govusergroup.com

conversationspit.com

brondairy.com

rjtherealest.com

xn--9m1bq8wgkag3rjvb.com

mylori.net

softandcute.store

ahljsm.com

shacksolid.com

weekendmusecollection.com

gaminghallarna.net

pgonline111.online

44mpt.xyz

ambrandt.com

eddytattoo.com

blendeqes.com

upinmyfeels.com

lacucinadesign.com

docomoau.xyz

Targets

- Target
  
  tmp/a67b2f3e-30bd-4dbe-a653-3e9540c19f99_wwwp.exe
- Size
  
  429KB
- MD5
  
  c9727c5b8745f7f82b34cee30f813d32
- SHA1
  
  b84073db9df1b5bfbfa69195df583dd578e65942
- SHA256
  
  86038d1c832f057fa49a55a5305c87ab1f7baaaa7fd3e199adefcf1e4dccc721
- SHA512
  
  a5b20863021bbf35889f8277f1e65890c614b5f5f9cae3b7554f9728a4d85b9b3176b89ee0e92157882a65e0031e6e437240399d0c1a84f1552fffed64385d80
Score

10^/10

xloader ef6c loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2