xloader

General

Target

bab78a45af95c68f607e3d89d917e19e
Size

327KB
Sample

220421-j7ka7adhc8
MD5

bab78a45af95c68f607e3d89d917e19e
SHA1

4a169a2d700be6cc4cd94b29d61621d4c2fb83fa
SHA256

7443dce18b5523225353847f6dd17a2ec244c6c32e7f72df3937d2f85d74cff6
SHA512

f837edda0365fce8543934b76b3dccca85aa4b583e8285b32d6a7f09c863f288a4eef75dcda73cd47ebca99ce4e1042b75e8fa6f124c5599b37bd7a3ca9bb848

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cbgo

Decoy

santesha.com

britneysbeautybar.com

sh-cy17.com

jeffcarveragency.com

3117111.com

sobrehosting.net

ddm123.xyz

toxcompliance.com

auditorydesigns.com

vliftfacial.com

ielhii.com

naameliss.com

ritualchariot.com

solchange.com

quatre-vingts.design

lawnmowermashine.com

braceletsstore.net

admappy.com

tollivercoltd.com

vaidix.com

Targets

- Target
  
  virement.exe
- Size
  
  192KB
- MD5
  
  ace33d540a6a1564d93f63ca8e23e49f
- SHA1
  
  f7882beb571b12a4d2100672636e93d56fe76591
- SHA256
  
  706b938fc167d7ed1747b35cdbd650d476b210ef0c131d76b2e4269f1ab64142
- SHA512
  
  28bb6d85e81ee4b5e79921776eaae7e38386b6423fcf6ef139e6d8c45ed3585b1df0fe4340215fc2fda3b21e38687bc2514dd525e5ff210731eac7d744b88727
Score

10^/10

xloader cbgo loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2