xloader

General

Target

Boat Payment Copy.exe
Size

301KB
Sample

220321-py4alaccc4
MD5

5978c05476263bda7d960999d199231b
SHA1

ddb2e6c5412027261ca3f339e73a309451aa88b0
SHA256

7de9f7a81557d4a2a6818b50b8f8ab8948ce6329bf1c696d038e1231237a07d0
SHA512

7edb0538af7dec08f7f5150b26c525cd2bd4d101a08dec8d48e64619206006ba1daa489ef6c9be2db496832add886da040ef0730320558e4dc5ca0b30a81f65e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ubqk

Decoy

tundrat-celltherapy.com

superfinance.club

5x5week.com

687504.com

clarkdn.com

potterypklsck.xyz

4m5k.com

21t8.com

94o2ohfjg.com

bhupendratravels.com

nomadashop.com

w388bet.bet

naturalenetwork.net

tupaqu.com

osooir.com

jengly.com

cbsharjah.icu

tokowallpaperbekasi.com

baggamut.com

upoon81.com

Targets

- Target
  
  Boat Payment Copy.exe
- Size
  
  301KB
- MD5
  
  5978c05476263bda7d960999d199231b
- SHA1
  
  ddb2e6c5412027261ca3f339e73a309451aa88b0
- SHA256
  
  7de9f7a81557d4a2a6818b50b8f8ab8948ce6329bf1c696d038e1231237a07d0
- SHA512
  
  7edb0538af7dec08f7f5150b26c525cd2bd4d101a08dec8d48e64619206006ba1daa489ef6c9be2db496832add886da040ef0730320558e4dc5ca0b30a81f65e
Score

10^/10

xloader ubqk loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2