xloader

General

Target

a3eddc5e0885b4be2b72e3e2f24eed7c
Size

251KB
Sample

220125-n5q36sffa5
MD5

a3eddc5e0885b4be2b72e3e2f24eed7c
SHA1

a561c6eb59d66ac7d0a89b586fc38f1fd88d1623
SHA256

9f35e751b58fdca3b7156eba1bf2a56c88d3d5ce5e35de6b2797e6c8ba6ec0d8
SHA512

19b12ddc4c0979eeb15d13d230a5d72d97a0899414c6b2d5393ee119719dc2c7684beb7fccff8838a4b69951359808ff81b2a68e8111334eb53ba6d1fc4ec5a4

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u6vb

Decoy

blendedmatter.com

piquinmarketing.com

dubkirelax.online

optimumotoaksesuar.com

bendisle.com

islamicgeometricpatterns.net

cheesebox.online

lh-coaching.com

buildingmaterial.info

backwoods72.com

goodtreetee.com

zknqqpvsypx.mobi

phukienstreaming.com

turkistick.com

cbd-shop-portugal.com

imherllc.com

krallechols.quest

ttmmb.com

pornmodelsworld.com

weakyummy.space

Targets

- Target
  
  a3eddc5e0885b4be2b72e3e2f24eed7c
- Size
  
  251KB
- MD5
  
  a3eddc5e0885b4be2b72e3e2f24eed7c
- SHA1
  
  a561c6eb59d66ac7d0a89b586fc38f1fd88d1623
- SHA256
  
  9f35e751b58fdca3b7156eba1bf2a56c88d3d5ce5e35de6b2797e6c8ba6ec0d8
- SHA512
  
  19b12ddc4c0979eeb15d13d230a5d72d97a0899414c6b2d5393ee119719dc2c7684beb7fccff8838a4b69951359808ff81b2a68e8111334eb53ba6d1fc4ec5a4
Score

10^/10

xloader u6vb loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2