xloader

General

Target

65231303dd5b070c5b5bcbba06839b0d.exe
Size

768KB
Sample

220125-jvcqksbfg3
MD5

65231303dd5b070c5b5bcbba06839b0d
SHA1

bdf5f1f2fc88253e0dd08b44be841513bcaaf581
SHA256

9b26849133bb64946dd7016479a09f500cc3af1386b7cadae5cfa737533f67f0
SHA512

753d9569eb18e98d235f441ddf7057bfa3cad04297b37e8e459a4ed84165d180584ab1b86acb70d380cfb8107e16ab87796b77079589841abade34cf46c35b08

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b5ce

Decoy

xn--qoq07c2d937c.com

centraliaapartment.com

seusucesso.online

paraquat-litigationhelp.com

thatsamirror.com

nwtxxe.website

styledns.com

dalealamusica.com

casixinc.com

candgconstructiontx.com

suityhaluat.quest

tristarmegah.com

soposhshop.com

rosevilletavernandgrillpa.com

galateaspain.com

06mpt.xyz

tongue.services

jw0074awscloud.com

layeronelabs.com

engelbrecht-ayurveda.net

Targets

- Target
  
  65231303dd5b070c5b5bcbba06839b0d.exe
- Size
  
  768KB
- MD5
  
  65231303dd5b070c5b5bcbba06839b0d
- SHA1
  
  bdf5f1f2fc88253e0dd08b44be841513bcaaf581
- SHA256
  
  9b26849133bb64946dd7016479a09f500cc3af1386b7cadae5cfa737533f67f0
- SHA512
  
  753d9569eb18e98d235f441ddf7057bfa3cad04297b37e8e459a4ed84165d180584ab1b86acb70d380cfb8107e16ab87796b77079589841abade34cf46c35b08
Score

10^/10

xloader b5ce loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2