xloader

General

Target

Purchase Order FEB22_76543.zip
Size

415KB
Sample

220215-sqvj9sgdb8
MD5

5641164edef64fad512612b1df77e536
SHA1

31802697095d145210049859f1e22a09dfdf2567
SHA256

0056e3cbc8cb00f5048b48dc5bbba8a4571d9552cee39b1d53a87f364eac2bdb
SHA512

e1c945eb4a0cb7a9db02ae4df36f79758821249bf6cb0dcf0cc8cd3ab4fd8c2f901c619305c2c6b8c062143357422cf7a60fe9963583515650f8ea3e8793ab1f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

zqzw

Decoy

laurentmathieu.com

nohohonndana.com

hhmc.info

shophallows.com

blazebunk.com

goodbridge.xyz

flakycloud.com

bakermckenziegroups.com

formation-adistance.com

lovingearthbotanicals.com

tbrservice.plus

heritagehousehotels.com

drwbuildersco.com

lacsghb.com

wain3x.com

dadreview.club

continiutycp.com

cockgirls.com

48mpt.xyz

033skz.xyz

Targets

- Target
  
  Purchase Order FEB22_76543.exe
- Size
  
  769KB
- MD5
  
  bcc32aa0cb21d67d81d9ddbd39c3e2d9
- SHA1
  
  2f0dfdf0a29ab5c1177c1245bebbdb2ee0513686
- SHA256
  
  ed99b5652455f1287171fd7d49a5ac69add7ed72a08712d4c66f6474fd094615
- SHA512
  
  571c706963b172d9bdd707c0f833fe9b09a41c52d6ac8e0b8d771ccbca88d4ff43cafcba30b2f9bc5f7afcb2d5908920e0553c740139b32a374b0cf07fbd6b82
Score

10^/10

xloader zqzw loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2