xloader

General

Target

INV21029.EXE
Size

577KB
Sample

220225-jxq1zsfdh9
MD5

740dd9c14dea0b98df6ad434abfe789e
SHA1

cbec4d898e68c12fb7dcaddb17d0aca16e8e0e7b
SHA256

35295675b2fbd8ff9900336325e3324270f083705fd0cf51f4ef28763430cdd6
SHA512

66041e42091e83889a6da93c4242a01a0a3122774dc2db8baf909fb0ec6b0d6e847183ac92a24f2ca99f99de7dd4abddddda4a908887f354e3a333202bc0a66e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahc8

Decoy

192451.com

wwwripostes.net

sirikhalsalaw.com

bitterbaybay.com

stella-scrubs.com

almanecermezcal.com

goodgood.online

translate-now.online

sincerefilm.com

quadrantforensics.com

johnfrenchart.com

plick-click.com

alnileen.com

tghi.xyz

172711.com

maymakita.com

punnyaseva.com

ukash-online.com

sho-yururi-blog.com

hebergement-solidaire.com

Targets

- Target
  
  INV21029.EXE
- Size
  
  577KB
- MD5
  
  740dd9c14dea0b98df6ad434abfe789e
- SHA1
  
  cbec4d898e68c12fb7dcaddb17d0aca16e8e0e7b
- SHA256
  
  35295675b2fbd8ff9900336325e3324270f083705fd0cf51f4ef28763430cdd6
- SHA512
  
  66041e42091e83889a6da93c4242a01a0a3122774dc2db8baf909fb0ec6b0d6e847183ac92a24f2ca99f99de7dd4abddddda4a908887f354e3a333202bc0a66e
Score

10^/10

xloader ahc8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2