xloader

General

Target

Swift mesajı 4.02.2022.exe
Size

7KB
Sample

220207-ncxp9abddl
MD5

877b1a2b61c1b9d6580ddab9416a4f2a
SHA1

553657a0141dd16f29dbe8ac254b8ce77b8857b2
SHA256

d11763e5e7a68e1ebd3c8094630dd0d1e184e08eeb9a9d5e3f8200e7aeb9aea9
SHA512

c13d8cfa5bd0f8de604128085b5aebb582f9d07fb36ea11d35c214bb827d30658c9d0d32f3458d20a43ded6a2c8137cf80748bb139751a94800f0ff149bad24a

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p8ce

Decoy

wishmeluck1.xyz

nawabumi.com

terra.fish

eoraipsumami.quest

awakeningyourid.com

csyein.com

tslsinteligentes.com

cataractusa.com

capitalwheelstogo.com

staffremotely.com

trashbinwasher.com

blaneyparkrendezvous.com

yolrt.com

northendtaproom.com

showgeini.com

b95206.com

almcpersonaltraining.com

lovabledoodleshome.com

woodlandstationcondos.com

nikahlive.com

Targets

- Target
  
  Swift mesajı 4.02.2022.exe
- Size
  
  7KB
- MD5
  
  877b1a2b61c1b9d6580ddab9416a4f2a
- SHA1
  
  553657a0141dd16f29dbe8ac254b8ce77b8857b2
- SHA256
  
  d11763e5e7a68e1ebd3c8094630dd0d1e184e08eeb9a9d5e3f8200e7aeb9aea9
- SHA512
  
  c13d8cfa5bd0f8de604128085b5aebb582f9d07fb36ea11d35c214bb827d30658c9d0d32f3458d20a43ded6a2c8137cf80748bb139751a94800f0ff149bad24a
Score

10^/10

xloader p8ce loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2