xloader

General

Target

9bfaf6acafe2d384f35706a58b11f641.exe
Size

249KB
Sample

220126-s1kg2seehk
MD5

9bfaf6acafe2d384f35706a58b11f641
SHA1

ee776c41bc6d03603cb9d92e8a342d8819595c8e
SHA256

c5aee60b133436eb2898a5ee22d8cc124d6f8716448114161097d62604083b34
SHA512

f121b86703d476c3940db18b596250ac0f35af38669a0e2979562cc354d0c8679cf5830d289fa6a6163f9ebd794b74668ce196205b9889ac701c457c71795c7c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sa3t

Decoy

mendazilima.quest

britishdrivers-uk.online

clear-rails.com

emagrecacomsaudesempre.online

sppn.info

prestigepropiedadraiz.com

therenewalprojectmastermind.com

mileylovu.com

lmhaglund.com

apentrenadores.com

charminggrooming.com

pgonline888.online

powify.net

deadlyubohe.quest

testimonial.direct

59sth.com

scbnetcomn.xyz

gejservices.com

kemalilik.com

romcollectionmelbourne.com

Targets

- Target
  
  9bfaf6acafe2d384f35706a58b11f641.exe
- Size
  
  249KB
- MD5
  
  9bfaf6acafe2d384f35706a58b11f641
- SHA1
  
  ee776c41bc6d03603cb9d92e8a342d8819595c8e
- SHA256
  
  c5aee60b133436eb2898a5ee22d8cc124d6f8716448114161097d62604083b34
- SHA512
  
  f121b86703d476c3940db18b596250ac0f35af38669a0e2979562cc354d0c8679cf5830d289fa6a6163f9ebd794b74668ce196205b9889ac701c457c71795c7c
Score

10^/10

xloader sa3t loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2