xloader

General

Target

1480f1e7c67eba8390ea572cd3b9b133bb6da142e689979d581a46f1672c197c
Size

369KB
Sample

220207-atg48sdcc2
MD5

20a5d9c849989672de66b624250dadfa
SHA1

404e5793ff2af295fb2723deb1705a545d9f07a9
SHA256

1480f1e7c67eba8390ea572cd3b9b133bb6da142e689979d581a46f1672c197c
SHA512

ff9176d4080eaebba85bee2446d435e8fd919a626a90645d288032fb75620e096afcf150446b722e42557e139626974e5819a20ab87e514a07450341cba8df1b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

noi6

Decoy

daliglobalservice.com

thenationschristianchurch.com

aliqy.com

grace-saunders.com

endlessretirement.com

stanleycupticket.com

dltgame.club

healthqnahindi.com

salniyrk.icu

laurasbaked.com

vintagechinese.com

agrocomposites.com

aimedsports.com

vegeatsdirect.com

goh-pbl.com

fairview.global

affiliateprogramscenter.com

blogizarshop.com

loorzon.com

curtex.info

Targets

- Target
  
  New Purchase Order.exe
- Size
  
  747KB
- MD5
  
  99e9bf49fad21cd57261f354af9742e4
- SHA1
  
  28e1025ad185b7502568d4dbdab483b25b8e0fac
- SHA256
  
  92ddc88d7c1bde849c18747f4fcd526c240a81efe9c74ee1dcaa4a72ecc9ac3a
- SHA512
  
  1c8e9d9e6052ebb054623aaaadde67627e0cb07f576cc8aaa5be5f48dcc34370d8658148a9716c8ca139742dbe4145bb3f4c365b2e23012138f1aace61280bbc
Score

10^/10

xloader noi6 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2