xloader

General

Target

2t9KtoR9xzpJY4E.exe
Size

836KB
Sample

220127-rxexqaega2
MD5

bd741cc655060dbd3967455b7dd445b1
SHA1

94affa3cf3eca5bb47e57ca14fed414af9831c48
SHA256

f79592d7f8ba73cf16c31b3ac92427cdf99789a3eece4c873d0522b3429a783f
SHA512

41ac9e124aadffdf48691775affeaf552a77a3f0283969c374cc6f408756273746c98c26f47e3ddbee5557d18bdae591f13ea0af4e29954ef98a949917301a05

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cbgo

Decoy

tablescaperendezvous4two.net

abktransportllc.net

roseevision.com

skategrindingwheels.com

robux-generator-free.xyz

yacusi.com

mgav35.xyz

paravocecommerce.com

venkatramanrm.com

freakyhamster.com

jenaashoponline.com

dmozlisting.com

lorrainekclark.store

handyman-prime.com

thecrashingbrains.com

ukpms.com

livingstonemines.com

papeisonline.com

chrisbakerpr.com

omnipets.store

Targets

- Target
  
  2t9KtoR9xzpJY4E.exe
- Size
  
  836KB
- MD5
  
  bd741cc655060dbd3967455b7dd445b1
- SHA1
  
  94affa3cf3eca5bb47e57ca14fed414af9831c48
- SHA256
  
  f79592d7f8ba73cf16c31b3ac92427cdf99789a3eece4c873d0522b3429a783f
- SHA512
  
  41ac9e124aadffdf48691775affeaf552a77a3f0283969c374cc6f408756273746c98c26f47e3ddbee5557d18bdae591f13ea0af4e29954ef98a949917301a05
Score

10^/10

xloader cbgo loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2