xloader

General

Target

Payment-402.exe
Size

1.2MB
Sample

220111-n6cbeafec9
MD5

7f9d26535c38eee3561f2e7c214f9854
SHA1

80074b8467cb52e6c36d587e1571045bf93521b5
SHA256

4d58c656b52ad9e501a74866dd2f0b2fd00ea4cd92013540edaa91f31f2159ae
SHA512

97fab9b908fa0eaadfc971c3ff0b34e98a2ea3d33bc8a062f0f3b35631a0ca16d86b24935c6fb38a10d36675316a90500603ba4c88481b6bd058baf49958ca73

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Targets

- Target
  
  Payment-402.exe
- Size
  
  1.2MB
- MD5
  
  7f9d26535c38eee3561f2e7c214f9854
- SHA1
  
  80074b8467cb52e6c36d587e1571045bf93521b5
- SHA256
  
  4d58c656b52ad9e501a74866dd2f0b2fd00ea4cd92013540edaa91f31f2159ae
- SHA512
  
  97fab9b908fa0eaadfc971c3ff0b34e98a2ea3d33bc8a062f0f3b35631a0ca16d86b24935c6fb38a10d36675316a90500603ba4c88481b6bd058baf49958ca73
Score

10^/10

xloader c6si loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2