xloader

General

Target

DELIVERY DOCUMENTS.zip
Size

546KB
Sample

220217-lwpgwaahe8
MD5

68aafcb2ba4270b034e3479c57d21032
SHA1

15163560d405c93e67445c6d54f7741481ec8729
SHA256

4fe80fa1ceaaf027e00cc28cb9be521e47323f768f2975570d347178d606cffc
SHA512

a839d319268bf6cc10653ecc8e87ece5fbbf9830feab99869f62cef3a80c3f6fdda556748fce5ee7401183b837b401d096390144b25c8c9e2ae42518b1e31713

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

zqzw

Decoy

laurentmathieu.com

nohohonndana.com

hhmc.info

shophallows.com

blazebunk.com

goodbridge.xyz

flakycloud.com

bakermckenziegroups.com

formation-adistance.com

lovingearthbotanicals.com

tbrservice.plus

heritagehousehotels.com

drwbuildersco.com

lacsghb.com

wain3x.com

dadreview.club

continiutycp.com

cockgirls.com

48mpt.xyz

033skz.xyz

Targets

- Target
  
  DELIVERY DOCUMENTS.exe
- Size
  
  784KB
- MD5
  
  c84db8be1abc6b5c4fe423a2425c9ad6
- SHA1
  
  e21d4d9a20e80be6f9310bfc281bd2c8819d2f57
- SHA256
  
  3c6a613507d90d332e2d4d7f91c7c2ef3135e464e5937b1da1a9c4f749528343
- SHA512
  
  af70ee5050550797a43c49a249c850b543f45ad7998d78ef5fa4d700c66fb2d677e79d213179a64cf23bdc444d2b2ce6c2ba4af129f86fe1127c5e48c94df2cf
Score

10^/10

xloader zqzw loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2