xloader

General

Target

Order-410692-pdf.pif
Size

283KB
Sample

220120-rp5s6sace3
MD5

206826730fc880f75d51f38c2cd94561
SHA1

7d67331de09a33ffcdc8f3b174bedf049f79d2b9
SHA256

44b17de7c324ff60a195215bf1a73eb41febf731f86699848e68815db5978387
SHA512

f4878c0a31e0f7bdfce83f859a70c0b8fed605bfcab5a3e28b97824097989407ad08a30ca1fe8054211bfd7e34ee538160ffaad7b9bd0ffb4c94eba9515210fe

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uar3

Decoy

sgadvocats.com

mjscannabus.com

hilldaley.com

ksdollhouse.com

hotgiftboutique.com

purebloodsmeet.com

relaunched.info

cap-glove.com

productcollection.store

fulikyy.xyz

remoteaviationjobs.com

bestcleancrystal.com

virtualorganizationpartner.com

bookgocar.com

hattuafhv.quest

makonigroup.com

officecom-myaccount.com

malgorzata-lac.com

e-learningeducators.com

hygilaur.com

Targets

- Target
  
  Order-410692-pdf.pif
- Size
  
  283KB
- MD5
  
  206826730fc880f75d51f38c2cd94561
- SHA1
  
  7d67331de09a33ffcdc8f3b174bedf049f79d2b9
- SHA256
  
  44b17de7c324ff60a195215bf1a73eb41febf731f86699848e68815db5978387
- SHA512
  
  f4878c0a31e0f7bdfce83f859a70c0b8fed605bfcab5a3e28b97824097989407ad08a30ca1fe8054211bfd7e34ee538160ffaad7b9bd0ffb4c94eba9515210fe
Score

10^/10

xloader uar3 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2