xloader

General

Target

f5b0cf927242b9bc3d6d1cdedb8417d1fac95e15bfc3c9fb9dec80a9bc8741c6
Size

1.2MB
Sample

220219-3rynesefa5
MD5

a1b8cae3e9016bdb3486c79a7eb06f47
SHA1

48b23d830931dced658b961928e29d28986c0e64
SHA256

f5b0cf927242b9bc3d6d1cdedb8417d1fac95e15bfc3c9fb9dec80a9bc8741c6
SHA512

f16b1780ea839d831c7718f61992ba17542236ed46eb4cd8142460aabe83dd0879b9818ca584024f155218b0d0a83515811577ee9e0f3e3e0fab150c821771da

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uar3

Decoy

sgadvocats.com

mjscannabus.com

hilldaley.com

ksdollhouse.com

hotgiftboutique.com

purebloodsmeet.com

relaunched.info

cap-glove.com

productcollection.store

fulikyy.xyz

remoteaviationjobs.com

bestcleancrystal.com

virtualorganizationpartner.com

bookgocar.com

hattuafhv.quest

makonigroup.com

officecom-myaccount.com

malgorzata-lac.com

e-learningeducators.com

hygilaur.com

Targets

- Target
  
  ORDER_96.PIF
- Size
  
  292KB
- MD5
  
  d279a9125327264ffc89fb5cb4d8e433
- SHA1
  
  44ec118059baa04d7f812ed30f52b15aa138b181
- SHA256
  
  e9fe0fe5cd5d59f973f1ea299c3476fbbd9e6a95f44509854286f584a313837c
- SHA512
  
  eb7d2a41cb461af28f961f4ae903d56bf730f3307e2bab1e91ac7e4b1b7ab6289f00ee2463f8d2477b9ffaba6e2667ff424628cf2dbc92a88716da98cd9c2db2
Score

10^/10

xloader uar3 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2