xloader

General

Target

b7c94551aecf1c6d81d3bd7986e06667fadc6bd496ce7133d671d0c79137eb51
Size

925KB
Sample

220203-k7mxrafae4
MD5

8b454ae6b6f885af5d1f4213d3733777
SHA1

1a72c8ecd2c4dd7d4e86ae3019635fa100475671
SHA256

b7c94551aecf1c6d81d3bd7986e06667fadc6bd496ce7133d671d0c79137eb51
SHA512

bb9e08d9953fb4fbf335ee76494c11a93b817af5c1584f9f6a87d999bacf55453238c62f6be3e67d0de61f5c3d66901aa25f68f71984a3a11726a5d235f1def1

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ipa8

Decoy

royalposhpups.com

univa.world

lanerbo.com

shopbabygo.com

theutahhomestore.com

serialmixer.icu

linfeiya.com

xn--12cg3de5c2eb5cyi.com

am-conseil-communication.com

dailygame168.com

therightmilitia.com

visions-agency.com

mapopi.com

frugallyketo.com

guapandglo.com

54w-x126v.net

your-health-kick.com

blockchainhub360.com

registernowhd.xyz

votekellykitashima.com

Targets

- Target
  
  DHL Shipping Notification-pdf.exe
- Size
  
  1.2MB
- MD5
  
  972c10b3ab4db3207f027df78a76cb86
- SHA1
  
  f53e4798488151d26cfd070d0cc7e50f5b5950da
- SHA256
  
  eebf2b5d558c3f39f52538f7d3175c732f38351dca734eb37bf975796dcc086a
- SHA512
  
  5a30de7125d1ae7f25ddece4defe9bc109f83fee53112e8462b756ed805495f985d3795ac997e770e61a807bd09c9c06bc5e167f12038e035b76cbb8dee1d785
Score

10^/10

xloader ipa8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2