xloader

General

Target

factura kts 770417.exe
Size

304KB
Sample

220318-t63fgscac7
MD5

dcedadc9e7ab6c8b55aba9a69f0ad589
SHA1

50e3e95a0823484c7729fc42250e310342335551
SHA256

a3722866259ff0b2d2578842e1b1667e17f597c274544bb6e02f24b91cb4dbd4
SHA512

5b7965c65482da6a20e9648b3994e7e4756d75655c5b49a3394277db023fc72cf4e92531cfb3a153c0ae1592b80b84640239e3723334014c24e2d0705df19f1c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cbgo

Decoy

santesha.com

britneysbeautybar.com

sh-cy17.com

jeffcarveragency.com

3117111.com

sobrehosting.net

ddm123.xyz

toxcompliance.com

auditorydesigns.com

vliftfacial.com

ielhii.com

naameliss.com

ritualchariot.com

solchange.com

quatre-vingts.design

lawnmowermashine.com

braceletsstore.net

admappy.com

tollivercoltd.com

vaidix.com

Targets

- Target
  
  factura kts 770417.exe
- Size
  
  304KB
- MD5
  
  dcedadc9e7ab6c8b55aba9a69f0ad589
- SHA1
  
  50e3e95a0823484c7729fc42250e310342335551
- SHA256
  
  a3722866259ff0b2d2578842e1b1667e17f597c274544bb6e02f24b91cb4dbd4
- SHA512
  
  5b7965c65482da6a20e9648b3994e7e4756d75655c5b49a3394277db023fc72cf4e92531cfb3a153c0ae1592b80b84640239e3723334014c24e2d0705df19f1c
Score

10^/10

xloader cbgo loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2