xloader

General

Target

Nc162VSyId1HcRH.exe
Size

389KB
Sample

220129-q3485acag4
MD5

01190158d9f1303cdcd3b00037dd093a
SHA1

07f1eca8ba4ffd276a207acbfe943dc3bb82beec
SHA256

9c9391787e2960bdf7769a7cdef7488571a181336110a0d70322d3a870ecf775
SHA512

98aa8a6b4eb8d0caf7d1bddefcdda3cdaeb38a711b6404ede7deac770bccc565880f0bda39e02faa4b56f877853c1aedde0e0810d922e2ccf6de9a52202c8dc7

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b3xd

Decoy

nestonconstruction.com

ratnainternational.com

3bersaudara.com

scottkmoody.store

1metroband.com

prechit.com

desertbirdmercantile.com

marciabernice.com

packard.vote

selo.global

fourthandwhiteoak.com

ecoplagas.online

api-jipotvcom.xyz

shabellafurniture.com

maxmonacomarble.com

imprimiruncalendario.com

cochepordinero.net

teamosu.club

therightleftfoot.com

mitt-masters.com

Targets

- Target
  
  Nc162VSyId1HcRH.exe
- Size
  
  389KB
- MD5
  
  01190158d9f1303cdcd3b00037dd093a
- SHA1
  
  07f1eca8ba4ffd276a207acbfe943dc3bb82beec
- SHA256
  
  9c9391787e2960bdf7769a7cdef7488571a181336110a0d70322d3a870ecf775
- SHA512
  
  98aa8a6b4eb8d0caf7d1bddefcdda3cdaeb38a711b6404ede7deac770bccc565880f0bda39e02faa4b56f877853c1aedde0e0810d922e2ccf6de9a52202c8dc7
Score

10^/10

xloader b3xd loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2