xloader

General

Target

Order-EM411910902-pdf.pif
Size

247KB
Sample

220221-l3dzqadgcm
MD5

3891508ecb36809bb3d903066ce5ac5b
SHA1

ee03fadec645758dd05f86354f909b6184431df7
SHA256

4e680042dfe4ffcf835c00c86ba35cbbac2fabd08ae19fa3155c030d984ab6be
SHA512

f3735723b73b3f97bb3d08eb2e5e488ede9790161f1f45b1c414e1bda4072af86cf2adbdddbc31bf471b4037acfaf57fd37588b5b0f8cb644b2960299e1e141f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uar3

Decoy

sgadvocats.com

mjscannabus.com

hilldaley.com

ksdollhouse.com

hotgiftboutique.com

purebloodsmeet.com

relaunched.info

cap-glove.com

productcollection.store

fulikyy.xyz

remoteaviationjobs.com

bestcleancrystal.com

virtualorganizationpartner.com

bookgocar.com

hattuafhv.quest

makonigroup.com

officecom-myaccount.com

malgorzata-lac.com

e-learningeducators.com

hygilaur.com

Targets

- Target
  
  Order-EM411910902-pdf.pif
- Size
  
  247KB
- MD5
  
  3891508ecb36809bb3d903066ce5ac5b
- SHA1
  
  ee03fadec645758dd05f86354f909b6184431df7
- SHA256
  
  4e680042dfe4ffcf835c00c86ba35cbbac2fabd08ae19fa3155c030d984ab6be
- SHA512
  
  f3735723b73b3f97bb3d08eb2e5e488ede9790161f1f45b1c414e1bda4072af86cf2adbdddbc31bf471b4037acfaf57fd37588b5b0f8cb644b2960299e1e141f
Score

10^/10

xloader uar3 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2