xloader

General

Target

INV88272727271_REQUIREMENT_02727272272.pif
Size

245KB
Sample

220126-wr3h2sggg2
MD5

1a97ab72ef6c22d9508ad78db60ca205
SHA1

05122e7544d6eaa53aaf36cc34aff27a17a192d7
SHA256

947a0f977737ff7dfa8ae17eb2eff4b0ec4b51479c76f12f60d0b8c40ca9d323
SHA512

cb541ef914b7c998913dfe0359a1b42345fc5705f174399c8153cab4e2a6c542d6881ef00d83505c6fbc3b38c1eddf033bc90ca67dcc3050f8d3264caa34ed36

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rmfg

Decoy

prospectcompounding.com

grand-prix.voyage

solvingpklogc.xyz

eliamhome.com

gamevip88.club

arsels.info

dswlt.com

dchehe.com

lawyerjerusalem.com

pbnseo.xyz

apuryifuid.com

kiukiupoker88.net

leannonimpact.com

kare-furniture.com

mississaugaremax.online

zpyh198.com

dueplay.store

naimi.ltd

greenstepspodiatry.com

cewirtanen.com

Targets

- Target
  
  INV88272727271_REQUIREMENT_02727272272.pif
- Size
  
  245KB
- MD5
  
  1a97ab72ef6c22d9508ad78db60ca205
- SHA1
  
  05122e7544d6eaa53aaf36cc34aff27a17a192d7
- SHA256
  
  947a0f977737ff7dfa8ae17eb2eff4b0ec4b51479c76f12f60d0b8c40ca9d323
- SHA512
  
  cb541ef914b7c998913dfe0359a1b42345fc5705f174399c8153cab4e2a6c542d6881ef00d83505c6fbc3b38c1eddf033bc90ca67dcc3050f8d3264caa34ed36
Score

10^/10

xloader rmfg loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2