xloader

General

Target

SOA _ Aug-Dec 2021 Require Sign&Seal stamp.rar
Size

401KB
Sample

220204-gpamxsegh6
MD5

e97e3c4deb23dddccb0920e7b38a3f0a
SHA1

d1598573e30aafd8169d6a7ab067e1a28dd775a8
SHA256

5e323290dee2f509e1e55df44b4b9630b0dbdb62f9a6eb96f01e8a12b7a2ac22
SHA512

95b8d5593f6a20494db53523465226952735be94c14ef827e97594e25b67036737fd8bf9469784ca85a10175a2510ce6233ccabd6b32c543167f2c411167daed

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pout

Decoy

leadergaterealty.com

k7bsz.info

laidjapp1.com

eastcountytaxi.com

betterlife-uae.com

materaiku.com

chanhxebinhthuan-hcm.online

06gjm.xyz

67t.xyz

here-we-meet.com

screened-articletoseetoday.info

lucykg.club

mujdobron.quest

susakhi.com

funtabse.com

unlimitedpain.com

2ed58fwec.xyz

weighttrainingexpert.com

allisonsheillax.com

yektaburgers.com

Targets

- Target
  
  SOA _ Aug-Dec 2021 Require Sign&Seal stamp.exe
- Size
  
  563KB
- MD5
  
  6ba8c1b65f0d629b681ef2a34cb24785
- SHA1
  
  18c8b83ff38a0b5a650cfbd0392bef190fe81921
- SHA256
  
  f61b011c13db4d0cf3d35a73c8e1cf9edd3505c68013af06e24f7c0a857c6dc3
- SHA512
  
  e5b0bf176ca0d0108ab6c526ad1f0e13b25b5d9eb86f6f47e60454bdbaa36005f809b91b3ffa62edf8927fbd56d341e0356acf4985a184d6732666773c91718d
Score

10^/10

xloader pout loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2