xloader

General

Target

b3ff7e6cb9bc72f87b0746bb1ab2af4753041d768605152e0c24449b3c4b555a
Size

364KB
Sample

220121-1bejhabcd8
MD5

4f78037cebef8b31be3f4ba0e89aa3bb
SHA1

c55d00f67e3ccfe2f13987a76ebfbe6cd60a8e75
SHA256

b3ff7e6cb9bc72f87b0746bb1ab2af4753041d768605152e0c24449b3c4b555a
SHA512

317ecd46c9a2b3f66864436ee31d99ceb04554f4e78bd758937043e6d75f930d98dc9c8fdba2ea8e562be9c578f0e7982915b7ecc379ed6c90c5c22e8044b622

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n8bs

Decoy

monese-bank.com

silkypumps.xyz

tashabouvier.com

eduardoleonsilva.com

pinnaclecorporaterentals.com

megafluids.com

worldwidecarfans.com

benjamlnesq.com

unitedraxiapp.com

thetanheroes.com

jypmore.quest

indianasheriffs.biz

saintinstead.com

alldansmx.com

trulyproofreading.com

indotogel369.com

mermadekusse.store

radosenterprisellc.com

gseequalservices.com

techride.xyz

Targets

- Target
  
  New Order.34902.exe
- Size
  
  399KB
- MD5
  
  ea933aa3352fc43147ece400442cdcbd
- SHA1
  
  2aed0cbbd1aa52c5b9058606b8fd6fa4bfa4363d
- SHA256
  
  c3096cfa6809f117e6d9d1011c57a91ab81055d92ff3348c51c47ceed7e330bc
- SHA512
  
  0ea6790fc9a269d7c874d8522576c9cc1c95addcb06cd5a9569dea3b5789863a1962cccc63c4f1049fd15c880b7fecd292485817f4ee2c067922477230d3c1a3
Score

10^/10

xloader n8bs loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2