xloader

General

Target

dekont 2022.exe
Size

219KB
Sample

220419-qgm3qaddb2
MD5

b432fee7f4857a9ad25f143b2ac645a9
SHA1

cd7beb58da064e0caebcc5604893bb3be6568b45
SHA256

413e58ab30e56edfaa7899ebe3fc8655314c993db5a0d1840100752ba6be0be0
SHA512

55558e311529a70cbb6406ea0e1bf409328960e23ee0bb961768ea5c11dd2476da8dd2cc12cff2945fc8e97ba9f99342c866c9b91fc47a42e082178bd3144ec8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cbgo

Decoy

santesha.com

britneysbeautybar.com

sh-cy17.com

jeffcarveragency.com

3117111.com

sobrehosting.net

ddm123.xyz

toxcompliance.com

auditorydesigns.com

vliftfacial.com

ielhii.com

naameliss.com

ritualchariot.com

solchange.com

quatre-vingts.design

lawnmowermashine.com

braceletsstore.net

admappy.com

tollivercoltd.com

vaidix.com

Targets

- Target
  
  dekont 2022.exe
- Size
  
  219KB
- MD5
  
  b432fee7f4857a9ad25f143b2ac645a9
- SHA1
  
  cd7beb58da064e0caebcc5604893bb3be6568b45
- SHA256
  
  413e58ab30e56edfaa7899ebe3fc8655314c993db5a0d1840100752ba6be0be0
- SHA512
  
  55558e311529a70cbb6406ea0e1bf409328960e23ee0bb961768ea5c11dd2476da8dd2cc12cff2945fc8e97ba9f99342c866c9b91fc47a42e082178bd3144ec8
Score

10^/10

xloader cbgo loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2