xloader

General

Target

commercial invoice_010202201.exe
Size

238KB
Sample

220114-k84xnafdc2
MD5

acbc7357e4fb7d8d4874ecbeb0c5bd0f
SHA1

f423fed0f335e5c31d7b799aba25469420fb6009
SHA256

73f458d7e38ab748b7b7d3b3e680db9eb08d845c1b1b7c935a6ee453d8f03358
SHA512

f492401628f2970d3a0056091aea7b7af9938da1d885e0f1a2946f3fed84eb8d132de8f926345791444de7c72c8adbb150d19cd5f81acc8fa1a043d6b0edd17d

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

igwa

Decoy

listingswithalex.com

funtabse.com

aydenwalling.com

prochal.net

superfoodsnederland.com

moldluck.com

dianekgordon.store

regionalhomescommercial.com

mysecuritymadesimple.com

malwaremastery.com

kodaikeiko.com

jrzg996.com

agricurve.net

songlingjiu.com

virginianundahfishingclub.com

friendschance.com

pastelpresents.com

answertitles.com

survival-hunter.com

nxfddl.com

Targets

- Target
  
  commercial invoice_010202201.exe
- Size
  
  238KB
- MD5
  
  acbc7357e4fb7d8d4874ecbeb0c5bd0f
- SHA1
  
  f423fed0f335e5c31d7b799aba25469420fb6009
- SHA256
  
  73f458d7e38ab748b7b7d3b3e680db9eb08d845c1b1b7c935a6ee453d8f03358
- SHA512
  
  f492401628f2970d3a0056091aea7b7af9938da1d885e0f1a2946f3fed84eb8d132de8f926345791444de7c72c8adbb150d19cd5f81acc8fa1a043d6b0edd17d
Score

10^/10

xloader igwa loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2