xloader

General

Target

7.rar
Size

340KB
Sample

220127-rmtywsefb9
MD5

9d38623d5a6dc83748a85b1d564c1183
SHA1

a3edf8ba5c0b52f873af55375f799f5ed2993e50
SHA256

cf8caf5f845d723ece99b5cfad1a8e8a8ac7e8cbcb7f6d94d4b09737a4708ba9
SHA512

b272c9b167ebeb435ebfaa28732cfd3b8c2ddabc23134fa85f6ba1b6e226616390d79437ac0e3436df14c61000e94eb4571f925c9dcd4e04a6ba433fdbbb3899

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Targets

- Target
  
  Factura Comercial-X22-39.exe
- Size
  
  385KB
- MD5
  
  a9954d73fade284c611878218b1afd58
- SHA1
  
  6ec638c771b7456ded809baf9ecd0858de7e2252
- SHA256
  
  b609e98536a750a357b84b10ae805880ddb9ce1d7c045e889cef85a1bb7da2ec
- SHA512
  
  2482d0066f6a5cc634923df8fe5de645c8ac53c95652880130e7e217e7e06bd6626786285cf212846f3d41eb2a7ef8db77fcfeeb8fead01ccbea4d563d9ceded
Score

10^/10

xloader c6si loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2