xloader

General

Target

BANK DETAILS IBAN GB63BUK.exe
Size

487KB
Sample

220131-lg25eshee5
MD5

8140f1759631b186202ced560119c003
SHA1

ea15e28741286b1d8f0f8007dc31c9c7a9655475
SHA256

5fa95a2623ad47a5b74d6fdc6f3f95b976af3e8a8a40838c5a5acfc9549e8add
SHA512

dbd1ff85c1f6114102cb54c87c1752b21378edc3a459aa932c92804114701dec1374ddef75e7ce096e93db23909ed3b776d1e5ef167b273e4fc278ce7029bada

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n8bs

Decoy

monese-bank.com

silkypumps.xyz

tashabouvier.com

eduardoleonsilva.com

pinnaclecorporaterentals.com

megafluids.com

worldwidecarfans.com

benjamlnesq.com

unitedraxiapp.com

thetanheroes.com

jypmore.quest

indianasheriffs.biz

saintinstead.com

alldansmx.com

trulyproofreading.com

indotogel369.com

mermadekusse.store

radosenterprisellc.com

gseequalservices.com

techride.xyz

Targets

- Target
  
  BANK DETAILS IBAN GB63BUK.exe
- Size
  
  487KB
- MD5
  
  8140f1759631b186202ced560119c003
- SHA1
  
  ea15e28741286b1d8f0f8007dc31c9c7a9655475
- SHA256
  
  5fa95a2623ad47a5b74d6fdc6f3f95b976af3e8a8a40838c5a5acfc9549e8add
- SHA512
  
  dbd1ff85c1f6114102cb54c87c1752b21378edc3a459aa932c92804114701dec1374ddef75e7ce096e93db23909ed3b776d1e5ef167b273e4fc278ce7029bada
Score

10^/10

xloader n8bs loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2