xloader

General

Target

tlBHrCrteFXy8Jz.exe
Size

775KB
Sample

220128-pxxfnadbg3
MD5

0e9943c0e2afaf5e9acec16ce184b444
SHA1

dc1c5f809a3e6e9a3358878d455cb235d2245460
SHA256

dc368951f1df68a92c51f9afe6ad73c717b040fb9af6a278e9201b176362ed70
SHA512

a7a7e54dc8a144266447b8c500a02adb2dcd855224f8780c6fbfe573ca3eedd1e78ab998aaa4adcfb1f717d670159b93d13cb340e2601fc936d0cc417b78eb50

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b3xd

Decoy

nestonconstruction.com

ratnainternational.com

3bersaudara.com

scottkmoody.store

1metroband.com

prechit.com

desertbirdmercantile.com

marciabernice.com

packard.vote

selo.global

fourthandwhiteoak.com

ecoplagas.online

api-jipotvcom.xyz

shabellafurniture.com

maxmonacomarble.com

imprimiruncalendario.com

cochepordinero.net

teamosu.club

therightleftfoot.com

mitt-masters.com

Targets

- Target
  
  tlBHrCrteFXy8Jz.exe
- Size
  
  775KB
- MD5
  
  0e9943c0e2afaf5e9acec16ce184b444
- SHA1
  
  dc1c5f809a3e6e9a3358878d455cb235d2245460
- SHA256
  
  dc368951f1df68a92c51f9afe6ad73c717b040fb9af6a278e9201b176362ed70
- SHA512
  
  a7a7e54dc8a144266447b8c500a02adb2dcd855224f8780c6fbfe573ca3eedd1e78ab998aaa4adcfb1f717d670159b93d13cb340e2601fc936d0cc417b78eb50
Score

10^/10

xloader b3xd loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2