xloader

General

Target

Payment-402.rar
Size

305KB
Sample

220114-exycvaeca5
MD5

ba41d4ff5f2e63e56a443ef942df6cb9
SHA1

6daaf2ddacb8d39b9773e7a7da6cb99c245eb4b9
SHA256

e43ea25592b2793c140a8811afd58bb5bfbc1806d40c53af86944ed145ee3f14
SHA512

08f8813856a97253a5cfcc1f4e943901bb0bd9c2d4c1a329bcdf87b77d68e0052d21b9c46b85a96f6aef1f34ed6f717f3dcf5d37a0a6751ff880164fed97d961

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Targets

- Target
  
  Payment-402.exe
- Size
  
  1.2MB
- MD5
  
  7f9d26535c38eee3561f2e7c214f9854
- SHA1
  
  80074b8467cb52e6c36d587e1571045bf93521b5
- SHA256
  
  4d58c656b52ad9e501a74866dd2f0b2fd00ea4cd92013540edaa91f31f2159ae
- SHA512
  
  97fab9b908fa0eaadfc971c3ff0b34e98a2ea3d33bc8a062f0f3b35631a0ca16d86b24935c6fb38a10d36675316a90500603ba4c88481b6bd058baf49958ca73
Score

10^/10

xloader c6si loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2