xloader

General

Target

tmp/36769828-ab8a-46e9-99bb-1ebf2457b96e_www.exe
Size

421KB
Sample

211221-frzt6adagk
MD5

d5a9019ac799cdf2fdf49993bebac1eb
SHA1

16b11ca099bed12861a3bfc2e0fb48b428794457
SHA256

e252161f453df98ede4b1a119e7e7254928c73a5f633b150c985253acb3d5e55
SHA512

acce4d30fc293853773ea8016c9b31ec1e2974c5e4e82de6b5306d03497b30502ae8f7d57eb976add2a4de1a619b4ffff40a348142b9e48a050820a180a0210c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ef6c

Decoy

gicaredocs.com

govusergroup.com

conversationspit.com

brondairy.com

rjtherealest.com

xn--9m1bq8wgkag3rjvb.com

mylori.net

softandcute.store

ahljsm.com

shacksolid.com

weekendmusecollection.com

gaminghallarna.net

pgonline111.online

44mpt.xyz

ambrandt.com

eddytattoo.com

blendeqes.com

upinmyfeels.com

lacucinadesign.com

docomoau.xyz

Targets

- Target
  
  tmp/36769828-ab8a-46e9-99bb-1ebf2457b96e_www.exe
- Size
  
  421KB
- MD5
  
  d5a9019ac799cdf2fdf49993bebac1eb
- SHA1
  
  16b11ca099bed12861a3bfc2e0fb48b428794457
- SHA256
  
  e252161f453df98ede4b1a119e7e7254928c73a5f633b150c985253acb3d5e55
- SHA512
  
  acce4d30fc293853773ea8016c9b31ec1e2974c5e4e82de6b5306d03497b30502ae8f7d57eb976add2a4de1a619b4ffff40a348142b9e48a050820a180a0210c
Score

10^/10

xloader ef6c loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2