xloader

General

Target

4bf4e652eb6c4ddf2aad421319ffe70b
Size

480KB
Sample

220126-tmx2nafabl
MD5

4bf4e652eb6c4ddf2aad421319ffe70b
SHA1

be66a92051c8414a1383c414819c06a26ae1f973
SHA256

5a65adb2a2830e0dad5cb8d22641a71fb5a9c8141d77c64ce1e285a93954b052
SHA512

5d864a09c6603d68916d583ea776e6f5aeed66825abc398fd460d7a00438fb2ce0c108537612c8b727efa5dec52a8334d334161646b0df7514b60a9572b4b5ae

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahc8

Decoy

192451.com

wwwripostes.net

sirikhalsalaw.com

bitterbaybay.com

stella-scrubs.com

almanecermezcal.com

goodgood.online

translate-now.online

sincerefilm.com

quadrantforensics.com

johnfrenchart.com

plick-click.com

alnileen.com

tghi.xyz

172711.com

maymakita.com

punnyaseva.com

ukash-online.com

sho-yururi-blog.com

hebergement-solidaire.com

Targets

- Target
  
  4bf4e652eb6c4ddf2aad421319ffe70b
- Size
  
  480KB
- MD5
  
  4bf4e652eb6c4ddf2aad421319ffe70b
- SHA1
  
  be66a92051c8414a1383c414819c06a26ae1f973
- SHA256
  
  5a65adb2a2830e0dad5cb8d22641a71fb5a9c8141d77c64ce1e285a93954b052
- SHA512
  
  5d864a09c6603d68916d583ea776e6f5aeed66825abc398fd460d7a00438fb2ce0c108537612c8b727efa5dec52a8334d334161646b0df7514b60a9572b4b5ae
Score

10^/10

xloader ahc8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2