xloader

General

Target

Invoice_xls.exe
Size

311KB
Sample

220119-g6nk4sfef7
MD5

11dd29bb7f2c5cb432b766b5b8dd828d
SHA1

d9fc2d3ef2af139ad15773b448ce1250c7262651
SHA256

2f2ba4f8549cb5de1822f0382532abdcdbd6fc2ad1f2d5120bb4c9f145e84f08
SHA512

9f33dd9911a99757f6b475a1a6725c980d27d18a2ee30bf51ebe6b0f33a4211e294bfae196ec94c44475b92ec08cef94bc0a53ea0c4180f8d49eb336c12f9253

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

3a4h

Decoy

mohamedmansour.net

asap.green

influxair.com

45mpt.xyz

cablerailingdesign.com

salesdisrupter.com

cxfarms.com

enerconfederal.com

pl1x.top

nyoz.top

fitnesz.website

minimi36.com

borealiselectricalrepair.com

miskalqurashi.com

importacionesdelfuturo.com

cigfinanacial.com

luxamata.xyz

digicoin724.com

gozabank.com

tribal-treasures.com

Targets

- Target
  
  Invoice_xls.exe
- Size
  
  311KB
- MD5
  
  11dd29bb7f2c5cb432b766b5b8dd828d
- SHA1
  
  d9fc2d3ef2af139ad15773b448ce1250c7262651
- SHA256
  
  2f2ba4f8549cb5de1822f0382532abdcdbd6fc2ad1f2d5120bb4c9f145e84f08
- SHA512
  
  9f33dd9911a99757f6b475a1a6725c980d27d18a2ee30bf51ebe6b0f33a4211e294bfae196ec94c44475b92ec08cef94bc0a53ea0c4180f8d49eb336c12f9253
Score

10^/10

xloader 3a4h loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2