xloader

General

Target

6bcdd75542af9c7a5f4e4c8bb2bccb04742fedbc0f2c189b4d6e10884f9244a8
Size

282KB
Sample

220208-btbswsbfe2
MD5

54ffbfed242352fd89c8b10e367cac3e
SHA1

ee9bb131ece00f3cdd66385b856de021f0f6690f
SHA256

6bcdd75542af9c7a5f4e4c8bb2bccb04742fedbc0f2c189b4d6e10884f9244a8
SHA512

c60f1e555ac4b3fd13a76ed4fe62ea32f5fd17d9cbee443a526e7dcc57559b1dacbe19861e699a399bfe4d2e10ffb8c1f73c558533582c5ae313d3929aa69670

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gh6n

Decoy

cpschoolsschoology.com

thestocksforum.com

pixiewish.com

sopressd.com

muktokontha.com

tiejiabang.net

fdo.technology

kuringnl.com

barbarapastor.com

21stcenturytrading.com

digiwarung.com

canvafynyc.com

forfaitinghouse.com

3704368.com

mymonwero.com

ponpow.com

fringe.golf

heartfeltindonesia.com

defensivedrivercpc.com

allaboutgt.com

Targets

- Target
  
  2021_036,pdf.exe
- Size
  
  220KB
- MD5
  
  251729c3c3a66cb76aab3fe702145906
- SHA1
  
  19ecdee079a7abb02a82781af0e14d5a7f54705f
- SHA256
  
  5f3be7bf52d0617f50d8dcf095edc606854a589a94f2ac8186d6b9406960aa86
- SHA512
  
  e2d7af9a4be4b86cd1fd08e40f297b8cf417f8977986ce7832bf73f797cca7a05da5ea5398df8ff155d3a8087ed5c8a00ce5b2676509a8c667c081b7db77b9a0
Score

10^/10

xloader gh6n loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2