xloader

General

Target

5785349084839936.zip
Size

285KB
Sample

220307-syztysfdh2
MD5

2eb3feade17b2a72ef7efbe4538a98ae
SHA1

2590a77ec8be30afc42720e3f718d03caa061101
SHA256

c2db07ef9eadc24d56effb5858e81f2d7b241a75d0a39d0174fee389b9efb394
SHA512

615a96e6fc76a56ff9aede8c34145ccd1d2fd6613cb8e30da12dfeb3b929e87a0ecd849d02e5f1d4034b0558ea0c8a2bd246d40f98a614e836e21028eb819b81

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pout

Decoy

leadergaterealty.com

k7bsz.info

laidjapp1.com

eastcountytaxi.com

betterlife-uae.com

materaiku.com

chanhxebinhthuan-hcm.online

06gjm.xyz

67t.xyz

here-we-meet.com

screened-articletoseetoday.info

lucykg.club

mujdobron.quest

susakhi.com

funtabse.com

unlimitedpain.com

2ed58fwec.xyz

weighttrainingexpert.com

allisonsheillax.com

yektaburgers.com

Targets

- Target
  
  66fd2bc4d1ec466bcd76e50bbc959b9a794e897345e69305e11aa99d0b0d656d
- Size
  
  357KB
- MD5
  
  b99e10d4eb07e4a986ee92bcf444a7bf
- SHA1
  
  470d703ad9ea51844f0577d917f7167cc032887d
- SHA256
  
  66fd2bc4d1ec466bcd76e50bbc959b9a794e897345e69305e11aa99d0b0d656d
- SHA512
  
  4914d79035dffa9ef00dc79ac756957a3cf686af41e414836ae0500ec1a9c5084cb77b1a2c1f7ff203d77b9f7897f8de3b38c1aadb36c68aa92d5900b18096b0
Score

10^/10

xloader pout loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2