xloader

General

Target

nueva lista de pedidos n.º 002622.exe
Size

134KB
Sample

220126-ty8yasfgb2
MD5

9de0585b387bb800a3c7758a07d0b713
SHA1

8f21c5cd550d80490963519a5021a57ad811c26e
SHA256

e20b3c660b0883091a7f144bcd97e45d74ba36a52d316d5be36b6d9c390dc490
SHA512

04702df8c0af6389ac2974fc2959ff6681de04dfb5eb7d8e24e965ab0a057218b73b18c382235f0b66338ef21daeccf5586d4f724d14681258300c1cb1aec94f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

iepw

Decoy

isabellechiritoiabogada.com

singaporeimpact.com

mdcxdgkr.com

fivestasrelectriccorp.com

apaspaa.com

datashen.com

yh2.space

remediationnews.com

randlesrice.com

mailclic.digital

n83a.com

wmeacc.com

cahuvoa.xyz

h0t-now.com

admtrans.com

yghdlhax.xyz

bakshipping.com

ambermariemusic.com

mandelbot.tech

cryptoassetmanager.xyz

Targets

- Target
  
  nueva lista de pedidos n.º 002622.exe
- Size
  
  134KB
- MD5
  
  9de0585b387bb800a3c7758a07d0b713
- SHA1
  
  8f21c5cd550d80490963519a5021a57ad811c26e
- SHA256
  
  e20b3c660b0883091a7f144bcd97e45d74ba36a52d316d5be36b6d9c390dc490
- SHA512
  
  04702df8c0af6389ac2974fc2959ff6681de04dfb5eb7d8e24e965ab0a057218b73b18c382235f0b66338ef21daeccf5586d4f724d14681258300c1cb1aec94f
Score

10^/10

xloader iepw loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2