xloader

General

Target

documents.exe
Size

509KB
Sample

220303-smbmzsbfe5
MD5

a3db3121e70a7f14f148112cf9c2b354
SHA1

9e558cbc0c8656cde57e5aeac354828c7792ed3c
SHA256

a4e3ba6772cc6a006c061a0fc86fafdab1a11602004743018eb2d21524ea3f0e
SHA512

71a96e744d4fc66e5fd9fc00d64d23bdb0486650a8eb45c7fea6b7e0b42ae80e7d4a88076d772ecfab135c994426554112d548ae06a046478b0b34f8d19f3a0f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yrcy

Decoy

sturlabas.com

tantrungcompany.com

wildgraceyogahealing.com

wsparalegal.com

8xhgq.xyz

mysaylav.com

amelntl.net

cooleshow.online

adventuresbydisneyathome.com

sprinklekart.com

prostitutkitambovasuck.info

pakdao.com

finsith.com

nightpartner82.xyz

sex9a4ufbj.com

ketohousee.com

mairie-les-cammazes.com

elebots.xyz

highqualityremodeling.net

teamsterslocal553.com

Targets

- Target
  
  documents.exe
- Size
  
  509KB
- MD5
  
  a3db3121e70a7f14f148112cf9c2b354
- SHA1
  
  9e558cbc0c8656cde57e5aeac354828c7792ed3c
- SHA256
  
  a4e3ba6772cc6a006c061a0fc86fafdab1a11602004743018eb2d21524ea3f0e
- SHA512
  
  71a96e744d4fc66e5fd9fc00d64d23bdb0486650a8eb45c7fea6b7e0b42ae80e7d4a88076d772ecfab135c994426554112d548ae06a046478b0b34f8d19f3a0f
Score

10^/10

xloader yrcy loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2