xloader

General

Target

80e8a8b687288ebb5907d23754a2237c337a1b5f9c30f275190663f0462919b1
Size

275KB
Sample

220211-xj8krsdbb2
MD5

8f4585f525382c4ff0fd67d9eea7cff8
SHA1

9365f326bfc24cba9347ed0b7935e3100c6ddce3
SHA256

80e8a8b687288ebb5907d23754a2237c337a1b5f9c30f275190663f0462919b1
SHA512

3cc5e703c18019a472097724fab2979ff727fe2dfc705df48aff00fd227b510a35285003784b8538b116234868853c5dbbfafc2263001b1d1135d4820b3e8a8c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gab7

Decoy

mbb11.xyz

taishancable.com

karaoke-sega.com

mana-space.com

danielandkaela.com

ancorasports.com

magentaclass.com

tenloe045.xyz

colorbold.com

5starrentertainment.com

candgconstructiontx.com

664cqi.com

alexeykazakov.com

umrashed.space

thepowerof10.club

scotchwoodofficeworks.com

anelis.digital

label34.group

karimico.com

dogsforsaleinkenya.com

Targets

- Target
  
  80e8a8b687288ebb5907d23754a2237c337a1b5f9c30f275190663f0462919b1
- Size
  
  275KB
- MD5
  
  8f4585f525382c4ff0fd67d9eea7cff8
- SHA1
  
  9365f326bfc24cba9347ed0b7935e3100c6ddce3
- SHA256
  
  80e8a8b687288ebb5907d23754a2237c337a1b5f9c30f275190663f0462919b1
- SHA512
  
  3cc5e703c18019a472097724fab2979ff727fe2dfc705df48aff00fd227b510a35285003784b8538b116234868853c5dbbfafc2263001b1d1135d4820b3e8a8c
Score

10^/10

xloader gab7 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2