xloader

General

Target

47d1eec257fc20c0eb9ea82fabea47f9d0a2cb5c59804bdc18bb1792f85b1a3c
Size

1.2MB
Sample

220219-3th1raefa9
MD5

0e74b3a6918bb5e60303c04aa8dbae08
SHA1

6e79180a99160314d28560b1929bf4d42ba30026
SHA256

47d1eec257fc20c0eb9ea82fabea47f9d0a2cb5c59804bdc18bb1792f85b1a3c
SHA512

cf881879d19176784fe93160543d30f1c8e584c192b26d42bca710f2c3e43a57271b9ac8157d423c4210b158654b0ddb0d980cdd0b281e195945ed82df6ee964

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uar3

Decoy

sgadvocats.com

mjscannabus.com

hilldaley.com

ksdollhouse.com

hotgiftboutique.com

purebloodsmeet.com

relaunched.info

cap-glove.com

productcollection.store

fulikyy.xyz

remoteaviationjobs.com

bestcleancrystal.com

virtualorganizationpartner.com

bookgocar.com

hattuafhv.quest

makonigroup.com

officecom-myaccount.com

malgorzata-lac.com

e-learningeducators.com

hygilaur.com

Targets

- Target
  
  68521717.PIF
- Size
  
  291KB
- MD5
  
  c3e495a5457d35b55ebb9a6d69b69f40
- SHA1
  
  270dcc86f4d1c7765380fc3920c73893a34e7633
- SHA256
  
  3cba15742d927df8dacc3b41005dfa1f8e66fbae71135782befd3e55d5aceeae
- SHA512
  
  17922f514c2b674c9e2a3db713a84eeb7237fd9b590ac24ff5463de4365853b5843cc114ac7fede237c2fce533cf96e67a87b0b998a2fd2569e7873dcec64fc8
Score

10^/10

xloader uar3 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2