xloader

General

Target

The Home Depot - Long Truong Creamic Co., Ltd - Jan 29.2022 - 1352.exe
Size

796KB
Sample

220131-hn8n1ahab3
MD5

66dc3a64aec357035dfdc6b348514554
SHA1

146c562011fc134080ceaeedf0fb92eb7bd5bf21
SHA256

4f538ee6b8d7c6e779e1af1945dbcf1903947f45e707e68b1be0ce6a43b8041f
SHA512

44b839db0494bf4eb2977e0496a023a1dad71964bc2c9788555c7d86fae26f7a325c423414efa193f81c9e48590b48df1d5975713170fc559958da6aa24881d4

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s9ne

Decoy

digital-performance-award.com

fioratti.xyz

designluxre.com

cngangdun.com

restaurantperladelmare.com

davinci65.info

glossmans.com

firstsmileimaging.com

indevmobility.biz

mvptcodesupport.com

crustenc.net

raleighsportsacademy.com

boytoyporn.com

rojaspass.com

acmepaysage.fr

shopatdean.xyz

leonergsteve18870.com

elnahuel.com

ils.network

canto-libero.com

Targets

- Target
  
  The Home Depot - Long Truong Creamic Co., Ltd - Jan 29.2022 - 1352.exe
- Size
  
  796KB
- MD5
  
  66dc3a64aec357035dfdc6b348514554
- SHA1
  
  146c562011fc134080ceaeedf0fb92eb7bd5bf21
- SHA256
  
  4f538ee6b8d7c6e779e1af1945dbcf1903947f45e707e68b1be0ce6a43b8041f
- SHA512
  
  44b839db0494bf4eb2977e0496a023a1dad71964bc2c9788555c7d86fae26f7a325c423414efa193f81c9e48590b48df1d5975713170fc559958da6aa24881d4
Score

10^/10

xloader s9ne loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2