xloader

General

Target

IMG-022013758.exe
Size

1.2MB
Sample

220110-2yznmaegc9
MD5

911dd6e4e76bd413bd62a3de696f6982
SHA1

ad9ad231d5a86565f5ab719dd4a0e3eab42cfc5d
SHA256

4724b55ca938b0bbdc393ddfecec9ccad30b911490e9fc1922546596526cdb04
SHA512

b37bbf84af87cc3d17cafecbc351104344d665c39ffd8efc0801819c0f15a5f4d032ae8d6e0b46357f75a63aabcac3d6f9a2b68c4c2883c3168e6d0e39e97317

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p8ce

Decoy

wishmeluck1.xyz

nawabumi.com

terra.fish

eoraipsumami.quest

awakeningyourid.com

csyein.com

tslsinteligentes.com

cataractusa.com

capitalwheelstogo.com

staffremotely.com

trashbinwasher.com

blaneyparkrendezvous.com

yolrt.com

northendtaproom.com

showgeini.com

b95206.com

almcpersonaltraining.com

lovabledoodleshome.com

woodlandstationcondos.com

nikahlive.com

Targets

- Target
  
  IMG-022013758.exe
- Size
  
  1.2MB
- MD5
  
  911dd6e4e76bd413bd62a3de696f6982
- SHA1
  
  ad9ad231d5a86565f5ab719dd4a0e3eab42cfc5d
- SHA256
  
  4724b55ca938b0bbdc393ddfecec9ccad30b911490e9fc1922546596526cdb04
- SHA512
  
  b37bbf84af87cc3d17cafecbc351104344d665c39ffd8efc0801819c0f15a5f4d032ae8d6e0b46357f75a63aabcac3d6f9a2b68c4c2883c3168e6d0e39e97317
Score

10^/10

xloader p8ce loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2