xloader

General

Target

PO_101_130047762.bat
Size

641KB
Sample

220125-ab5skscfa9
MD5

64a55ea3ea24c0dc588b69a9b52d4d63
SHA1

6c18904214a95c08c5495a45666082fd619f3aff
SHA256

e7db2cf6be0191ff0e4e3249e2a559be905e299124fd5ee0b9e2d31ffefce58d
SHA512

34e43ee6d6c14aec0963140f0183cb8a3074eddddbe9f823135cd69f4815fd2adf4ceb4dd88f3c2e0da464cbdd82480a4f2e931e18924342cd0d6b16f4149f4f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cuig

Decoy

redhatnova.com

campify.store

isra-cards.com

iv-enter.com

tenantsforum.com

kg-zenith.com

phapvietdental.com

001ox.com

xn--pgb3df.com

kodikannath.com

thedeliciousrestaurant.com

041atk.xyz

thebithunt.com

pferde-vitalsysteme.com

bantasis.com

gee-law.com

missionew.com

tancouj.quest

zerogamessober.com

metropolitanprohealth.com

Targets

- Target
  
  PO_101_130047762.bat
- Size
  
  641KB
- MD5
  
  64a55ea3ea24c0dc588b69a9b52d4d63
- SHA1
  
  6c18904214a95c08c5495a45666082fd619f3aff
- SHA256
  
  e7db2cf6be0191ff0e4e3249e2a559be905e299124fd5ee0b9e2d31ffefce58d
- SHA512
  
  34e43ee6d6c14aec0963140f0183cb8a3074eddddbe9f823135cd69f4815fd2adf4ceb4dd88f3c2e0da464cbdd82480a4f2e931e18924342cd0d6b16f4149f4f
Score

10^/10

xloader cuig loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2