xloader

General

Target

RECEIPT 0266255252.iso
Size

366KB
Sample

220222-tqwm1aahg2
MD5

a43d92b102d2a13c58b25f58b518c961
SHA1

acdbea86c2b85e25980fe1bd08acd825341f874c
SHA256

7a86dd29d3b525650370867c42eac6c831f1fa1c4380807ed0e8eaaf53eca609
SHA512

4b82784171aa9317915d532c0bd2707a55f78e72a0406846e89f764cbd0637193f46be9da1297dee3f0926f1c22f37bdb95714e637ed39602fd8af734d8e571c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rmfg

Decoy

prospectcompounding.com

grand-prix.voyage

solvingpklogc.xyz

eliamhome.com

gamevip88.club

arsels.info

dswlt.com

dchehe.com

lawyerjerusalem.com

pbnseo.xyz

apuryifuid.com

kiukiupoker88.net

leannonimpact.com

kare-furniture.com

mississaugaremax.online

zpyh198.com

dueplay.store

naimi.ltd

greenstepspodiatry.com

cewirtanen.com

Targets

- Target
  
  RECEIPT 0266255252/RECEIPT 0266255252.pif
- Size
  
  300KB
- MD5
  
  c7012ce63b4ed9e49bf7be48fc27beae
- SHA1
  
  8c91c8e2a90b9e9b3d3dde1fb32e02e5de5dd347
- SHA256
  
  b3babb49432b3d09adbf7e79dfb2fe84f4d417ad394ccd59412c9e083a42a673
- SHA512
  
  6ded1f1974ace78c102fc60e65cef89b664860edd87938af9efa1b4574de43667b614fbc19f49fae2d018180a2a706181982179193bba5c5ccac565758ee2e60
Score

10^/10

xloader rmfg loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2