xloader

General

Target

9615c3102149b752399e479a548337b3657bcf89ff649111793d13dc375619bb
Size

1.2MB
Sample

220219-3ste4aefa8
MD5

940800f6734c56605c9442060c56b74f
SHA1

df789e970cac592ddc9b34ee7e6091d08b185217
SHA256

9615c3102149b752399e479a548337b3657bcf89ff649111793d13dc375619bb
SHA512

66a6e92e95d37f97d35f42a7e0ed584767346a9628c047634f26a33f9dd5936a3d99f05cbda9dfaa275734b973ca27c3ee21a682269676b56409a250594c86f8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uar3

Decoy

sgadvocats.com

mjscannabus.com

hilldaley.com

ksdollhouse.com

hotgiftboutique.com

purebloodsmeet.com

relaunched.info

cap-glove.com

productcollection.store

fulikyy.xyz

remoteaviationjobs.com

bestcleancrystal.com

virtualorganizationpartner.com

bookgocar.com

hattuafhv.quest

makonigroup.com

officecom-myaccount.com

malgorzata-lac.com

e-learningeducators.com

hygilaur.com

Targets

- Target
  
  68521747.PIF
- Size
  
  292KB
- MD5
  
  7e1c671cb921a5a53f7b13695889a10f
- SHA1
  
  94007268dc30fd25c465de624ae8e65197740032
- SHA256
  
  db097eebc2cb1af575eeb0e7278d466276ddd626cfa0bb5f0b77741679870959
- SHA512
  
  fdcdc25ee8f5682bd3f519a9cf56c68bebfde7332a312ad05e112418507a95ccd932c4e0b1d2279f5d800765ecec3374b96443278e640927ce4f6241404fb0dd
Score

10^/10

xloader uar3 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2