xloader

General

Target

c0408b7f2b52f93af4b191793bc7a604.exe
Size

249KB
Sample

220208-b6zqgsbgh9
MD5

c0408b7f2b52f93af4b191793bc7a604
SHA1

b59faf2f8c3f6de16347578bfdafc1c4941bed85
SHA256

703f4546b4adc3e685275a9840bafac150717c3259f629f6bf9bd8e5d191ad46
SHA512

fd9314e07d0ab516c790a3de8a38aa3f69ed7b16adefd0daea27acb8cc97ab64cca6289cd13567b9e3df1c10d5d033b877d300e5fd7674a9c439ff562dfe7531

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

jdo2

Decoy

adopte-un-per.com

lmandarin.com

shonemurawni.quest

bantasis.com

jsdigitalekuns.net

hiddenroom.net

arungjerampangalengan.com

yinghongxw.com

buzzcupid.com

lattent.digital

faxtoemailguide.com

romanticfriryrose.com

ruleaou.com

mochiko-blog.com

sekireixploit.com

bcx-wiremesh.com

jobportalsg.com

wysspirit.com

iflycny.com

sh-cy17.com

Targets

- Target
  
  c0408b7f2b52f93af4b191793bc7a604.exe
- Size
  
  249KB
- MD5
  
  c0408b7f2b52f93af4b191793bc7a604
- SHA1
  
  b59faf2f8c3f6de16347578bfdafc1c4941bed85
- SHA256
  
  703f4546b4adc3e685275a9840bafac150717c3259f629f6bf9bd8e5d191ad46
- SHA512
  
  fd9314e07d0ab516c790a3de8a38aa3f69ed7b16adefd0daea27acb8cc97ab64cca6289cd13567b9e3df1c10d5d033b877d300e5fd7674a9c439ff562dfe7531
Score

10^/10

xloader jdo2 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2