xloader

General

Target

PENDING INVOICE & SOA.exe
Size

487KB
Sample

220131-lr7snaheg3
MD5

c961c07d14255cc3b92a963b205a1813
SHA1

be7d298bf6c8caa781ff4b317a7e298a4033a3e9
SHA256

ba141be73e37f7df95cb9f9019720cb8e1ee1b8415ba1775ffda49b58400392c
SHA512

edb3b7276db4ea207097630097c29b349aaf617ea3edcc749b4ef9e2ccf6a9bc200c755129390aa7ce9028f4ee6c706aefc99fa62b2d18fa037b373e88e3699f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m4ro

Decoy

schedulekeymail.com

ruteglobe.net

makspeed.online

legalsoftsolutions.info

sportdemands.com

ci-ohio.com

ge-endoscopy.com

edp7.com

teammississippistate.club

risingrecovery.info

shouldimint.com

haxeo0d1wo.com

tjxinglin.com

immigrationformsus.com

best-free-soccer-academy.com

iamvitalessence.com

hellranch.net

creamydickmail.com

standshopping.com

slayhernail.com

Targets

- Target
  
  PENDING INVOICE & SOA.exe
- Size
  
  487KB
- MD5
  
  c961c07d14255cc3b92a963b205a1813
- SHA1
  
  be7d298bf6c8caa781ff4b317a7e298a4033a3e9
- SHA256
  
  ba141be73e37f7df95cb9f9019720cb8e1ee1b8415ba1775ffda49b58400392c
- SHA512
  
  edb3b7276db4ea207097630097c29b349aaf617ea3edcc749b4ef9e2ccf6a9bc200c755129390aa7ce9028f4ee6c706aefc99fa62b2d18fa037b373e88e3699f
Score

10^/10

xloader m4ro loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2