xloader

General

Target

TT Slip $24,000.rar
Size

235KB
Sample

220129-kceynaggg4
MD5

fe9f56ee5a424b53161d4d29c1f10931
SHA1

809864bca989673afd82ad91b8ada5000f2046ed
SHA256

2664cc5138f3019f2c8d19395dad4d4778457da5ee222bca4fc11b62a10e442f
SHA512

37185e8f9ab83f6a642d2d52e8144de368f566fe9a5ffa5b34eb069027af861f375c3047209bcc6197e5fe806d9d0b733e23d0e8439aa5ac0a16a396b1473daa

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cxep

Decoy

estateglobal.info

loransstore.com

loginofy.com

fjallravenz.online

cefseguranca-app.com

safontadiestramiento.com

bubbleteapro.com

morethanmummies.com

serviciopersonalizadoweb.com

headerbidder.info

skworkforce.com

heightsorthodontics.com

chulavistapd.com

southjerseyautobody.net

chargedbygratitude.com

meltingpotspot.com

gdjiachen.com

luckdrawprogram.com

vintagepaseo.com

bequestslojyh.xyz

Targets

- Target
  
  HIRE SOA FOR DEC_2021.exe
- Size
  
  247KB
- MD5
  
  d8af2363d5a46336733b6121c0b4cf0e
- SHA1
  
  fcb0ee44436230d924b2550fc9935ee76f2498fe
- SHA256
  
  2a4415721925c12ce8a80719697ffbda5daf88fe34804b0549bc5d5605790cdb
- SHA512
  
  e34f724dc4a7837ff86ed5d5214e1ed22e5643bbd45f881066b05b4ae4766a6330a48db8e4ef8dcee9ca8bf5ace43d987a667f62ea086992d2ff1ee24875889d
Score

10^/10

xloader cxep loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2