xloader

General

Target

Purchase Order SFOWRN5.exe
Size

405KB
Sample

220225-ntcreagad8
MD5

ba17a227d3f7c569058ab01b20a821ee
SHA1

13a78f3b0f372632f92b4d134bf7434d007bf8c1
SHA256

97fbc1c6520a5cf810a5dbbd254eb47544b89d2cc3038cfe1f6451eef9cc6b8c
SHA512

82e96cd354550b599c42339903e36a0251547e6c9d2b250fa561ea54595d49d725fbb5cf005bdfd14fcf389e1304a4e3406265b5c00eed3191aa927860145f12

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pout

Decoy

leadergaterealty.com

k7bsz.info

laidjapp1.com

eastcountytaxi.com

betterlife-uae.com

materaiku.com

chanhxebinhthuan-hcm.online

06gjm.xyz

67t.xyz

here-we-meet.com

screened-articletoseetoday.info

lucykg.club

mujdobron.quest

susakhi.com

funtabse.com

unlimitedpain.com

2ed58fwec.xyz

weighttrainingexpert.com

allisonsheillax.com

yektaburgers.com

Targets

- Target
  
  Purchase Order SFOWRN5.exe
- Size
  
  405KB
- MD5
  
  ba17a227d3f7c569058ab01b20a821ee
- SHA1
  
  13a78f3b0f372632f92b4d134bf7434d007bf8c1
- SHA256
  
  97fbc1c6520a5cf810a5dbbd254eb47544b89d2cc3038cfe1f6451eef9cc6b8c
- SHA512
  
  82e96cd354550b599c42339903e36a0251547e6c9d2b250fa561ea54595d49d725fbb5cf005bdfd14fcf389e1304a4e3406265b5c00eed3191aa927860145f12
Score

10^/10

xloader pout loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2