xloader

General

Target

d0b80145320f4c9ca761c77083205e29.exe
Size

295KB
Sample

220118-w4wk9sceek
MD5

d0b80145320f4c9ca761c77083205e29
SHA1

b0f64f67fa624255463cb8c1c27601d15619bd55
SHA256

38ff81c0547d423ae07f234ec45351dd976300cc5197274b6be8dad0b89ec61e
SHA512

ff5a108bb88627f48ece4bd140bc04553abdb262ede867e4a593fb5d59d0dc29c6e552ee66e75efb649961fb8da857f7a3d7ab9b3235769ee341ae85243aed73

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

jdo2

Decoy

adopte-un-per.com

lmandarin.com

shonemurawni.quest

bantasis.com

jsdigitalekuns.net

hiddenroom.net

arungjerampangalengan.com

yinghongxw.com

buzzcupid.com

lattent.digital

faxtoemailguide.com

romanticfriryrose.com

ruleaou.com

mochiko-blog.com

sekireixploit.com

bcx-wiremesh.com

jobportalsg.com

wysspirit.com

iflycny.com

sh-cy17.com

Targets

- Target
  
  d0b80145320f4c9ca761c77083205e29.exe
- Size
  
  295KB
- MD5
  
  d0b80145320f4c9ca761c77083205e29
- SHA1
  
  b0f64f67fa624255463cb8c1c27601d15619bd55
- SHA256
  
  38ff81c0547d423ae07f234ec45351dd976300cc5197274b6be8dad0b89ec61e
- SHA512
  
  ff5a108bb88627f48ece4bd140bc04553abdb262ede867e4a593fb5d59d0dc29c6e552ee66e75efb649961fb8da857f7a3d7ab9b3235769ee341ae85243aed73
Score

10^/10

xloader jdo2 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2