xloader

General

Target

FACTURA PENDIENTES.rar
Size

685KB
Sample

220126-pf2n2sdaf6
MD5

bdcb1b52e773de9a1e7de8ae25df8eb9
SHA1

97455175157d4f2be52e7a243ecc7b75c47575cf
SHA256

7f8229a539018ae9322b849fce445e7c57c2e76413449ea3c674ce1b2ed12037
SHA512

d62de48c1b7e3fb54cd2647c29d127aa9febabbdee024f5327f51425f5370da1324a7af21c4ce6907282a86e4895cea916475187e12d9fd5cd874c2dd02c1267

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cbgo

Decoy

tablescaperendezvous4two.net

abktransportllc.net

roseevision.com

skategrindingwheels.com

robux-generator-free.xyz

yacusi.com

mgav35.xyz

paravocecommerce.com

venkatramanrm.com

freakyhamster.com

jenaashoponline.com

dmozlisting.com

lorrainekclark.store

handyman-prime.com

thecrashingbrains.com

ukpms.com

livingstonemines.com

papeisonline.com

chrisbakerpr.com

omnipets.store

Targets

- Target
  
  2t9KtoR9xzpJY4E.exe
- Size
  
  836KB
- MD5
  
  bd741cc655060dbd3967455b7dd445b1
- SHA1
  
  94affa3cf3eca5bb47e57ca14fed414af9831c48
- SHA256
  
  f79592d7f8ba73cf16c31b3ac92427cdf99789a3eece4c873d0522b3429a783f
- SHA512
  
  41ac9e124aadffdf48691775affeaf552a77a3f0283969c374cc6f408756273746c98c26f47e3ddbee5557d18bdae591f13ea0af4e29954ef98a949917301a05
Score

10^/10

xloader cbgo loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2