xloader

General

Target

cd6a10ed726c2145da602a3f1de512a141fdb488be039ac0cb8b9eabf45b5775
Size

339KB
Sample

220124-m1qfeaech6
MD5

22cf5232c80a624f025874d13ee26acc
SHA1

ec73ae04b6603ba5ab462f6e507dde45a6d5d3c5
SHA256

cd6a10ed726c2145da602a3f1de512a141fdb488be039ac0cb8b9eabf45b5775
SHA512

663b959a4d684aa7ad1e302abbe39d5a53b58e85289d9b3223f7ac56fc65414f8532bfb86485ca1e4cafe791f25ce8b79a8a7b2b7ba961e150ab85ac11962cc8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Targets

- Target
  
  IMG-78293792.exe
- Size
  
  356KB
- MD5
  
  cb94f8bf4453d77ed35b4cccad18260c
- SHA1
  
  aeacb009addb2152c05a34537f565e66b32b25d2
- SHA256
  
  a39d6226eed5913f2f1d77991f011a386453d095689f85eb0ca14aac1d983466
- SHA512
  
  7fb17a554481d5ff6c28edd4ee43b9306a8e59ac9f992a2b6d243b2d88eb9daa997bbf5be962f331c6ec282b15e4e67107c233691a6b05d317957072754f4135
Score

10^/10

xloader c6si loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2