xloader

General

Target

aad3d2ac3b190920fd8eac3aa73f6aa205d002a14421abafb2c51b13a73b6e37
Size

1.2MB
Sample

220129-rbb9pscbd7
MD5

b8bbf43ad54540181f1f1f6dac6fe052
SHA1

fb4af123b8b22875ec5a6799275d1e0a33ade4b2
SHA256

aad3d2ac3b190920fd8eac3aa73f6aa205d002a14421abafb2c51b13a73b6e37
SHA512

3dd55ac9c986fab8b607f3b3fc5fbad677f182a9ef1c892dc37f27d03d496b5239ee9db64e31e34ffc8587746ad93bd6573758e196cb3e6652655fb6683f9d52

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u0n0

Decoy

learnwithvr.net

minismi2.com

slimfitbottle.com

gzartisan.com

fullfamilyclub.com

adaptationstudios.com

domynt.com

aboydnfuid.com

dirtroaddesigns.net

timhortons-ca.xyz

gladiator-111.com

breakingza.com

njjbds.com

keithrgordon.com

litestore365.host

unichromegame.com

wundversorgung-tirol.com

wholistic-choice.com

shingletownrrn.com

kapikenya.com

Targets

- Target
  
  SKC360I2.EXE
- Size
  
  509KB
- MD5
  
  196b7f181400d2e97eb9579059cc900c
- SHA1
  
  4db7ff3d766b0fb98a6c70a4272aaf71a1a60180
- SHA256
  
  9343e815779a3b9b9520e1f781b89a20d1a7a961e56cb98e266880b7ab9e8f93
- SHA512
  
  e64427df89db6a971c453ad481477e78632732c3ca7b1b544324fc9ccb1e00a6d830879ff0408adefeff7f28cd5e3308f4c3f2a34f34a3e2334080de8489d6fa
Score

10^/10

xloader u0n0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2