xloader

General

Target

SKM-0614483-pdf.pif
Size

303KB
Sample

220121-31qdeadhd2
MD5

71899e3fb25c4c006de92ee2d13471c4
SHA1

181e3f00b56afdf6a51a90011fee175dc80e94d5
SHA256

2838dffa365f3f4d1b7b4c766cea66dc2be629fe7991c112894a40acae72e601
SHA512

287b884a2f261b04f3959efaaffd7efb0019b063dc7a62a610c84268f8ed7735af28277eea2451c67d653fcc08086a945a07e1ed0016f216feadd60b79df2214

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uar3

Decoy

sgadvocats.com

mjscannabus.com

hilldaley.com

ksdollhouse.com

hotgiftboutique.com

purebloodsmeet.com

relaunched.info

cap-glove.com

productcollection.store

fulikyy.xyz

remoteaviationjobs.com

bestcleancrystal.com

virtualorganizationpartner.com

bookgocar.com

hattuafhv.quest

makonigroup.com

officecom-myaccount.com

malgorzata-lac.com

e-learningeducators.com

hygilaur.com

Targets

- Target
  
  SKM-0614483-pdf.pif
- Size
  
  303KB
- MD5
  
  71899e3fb25c4c006de92ee2d13471c4
- SHA1
  
  181e3f00b56afdf6a51a90011fee175dc80e94d5
- SHA256
  
  2838dffa365f3f4d1b7b4c766cea66dc2be629fe7991c112894a40acae72e601
- SHA512
  
  287b884a2f261b04f3959efaaffd7efb0019b063dc7a62a610c84268f8ed7735af28277eea2451c67d653fcc08086a945a07e1ed0016f216feadd60b79df2214
Score

10^/10

xloader uar3 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2