xloader

General

Target

2ec8f4b17dd08b0d95db7276fc3b09cf798ea16c46e6070280e44a98c8a4beef
Size

280KB
Sample

220221-24s32abdh6
MD5

a75e626d8ec0beb8e8028ffc45c5ebbb
SHA1

8bcaf83d423cff3d31a9bac51a4bee19cac2e5a9
SHA256

2ec8f4b17dd08b0d95db7276fc3b09cf798ea16c46e6070280e44a98c8a4beef
SHA512

3a9db4b192e3c42cd226c1947fa9bf5834f3f51fd782cdf8dd62d762e536d3df2e9041e88abce2fc5fb6d9286dfb86072d78b06133e6830ae12e185e49d221eb

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

kio8

Decoy

greeaircondition.com

thewilmingtonguide.com

cbluedotlivewdmall.com

globalcrime24.com

heightsplace.com

ghar.pro

asosbira.com

melolandia.com

velactun.com

erniesimms.com

nutbullet.com

drizzerstr.com

hnqym888.com

ghorowaseba.com

1317efoxchasedrive.info

stjudetroop623.com

facestaj.com

airpromaskaccessories.com

wolfetailors.com

56ohdc2016.com

Targets

- Target
  
  Calendario dei pagamenti.exe
- Size
  
  219KB
- MD5
  
  1a02db6595fb5471a1d91a4f51897269
- SHA1
  
  644069ab472309d4ecfca95de736dfb14676a776
- SHA256
  
  dd9c6267a87c89067d157e28d6f3ca17f958871f3d403609ed72dad80514e226
- SHA512
  
  ca86ca60343f96581c67ddaabd8553cfa030a1ae7cbedc0f05da403d972f7c2de9bf3048a0dbd43642c846f92f9c6f5b280f6537ef013a6d121fb70d72a2905d
Score

10^/10

xloader kio8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2