xloader

General

Target

tmp
Size

5.6MB
Sample

220516-f8r6msheeq
MD5

708e2d6b2b59ddeb88fb051ccf3869c6
SHA1

678048ad55418587075d1df6c91eade66823de2f
SHA256

ade283e1dc7b88a52ca2c0ac149af10ff68dff1709a27dd800936a7345cc6b56
SHA512

6646e5046ac41a7dc9fd85d0a3cf21cf0a73ec8d124d1f2d04646d486441bc0e7406f810bf4951aac5fe135b8f7d74e104dbeecabea452342fe78a8cecaac055

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

arh2

Decoy

hstorc.com

blackountry.com

dhrbakery.com

dezhouofit.com

defipayout.xyz

ginas4t.com

byzbh63.xyz

qrcrashview.com

mialibaby.com

enhaut.net

samainnova.com

yashveerresort.com

delfos.online

dungcumay.com

lj-counseling.net

fliptheswitch.pro

padogbitelawyer.com

aticarev.com

sederino.site

bestplansforpets-japan3.life

Targets

- Target
  
  tmp
- Size
  
  5.6MB
- MD5
  
  708e2d6b2b59ddeb88fb051ccf3869c6
- SHA1
  
  678048ad55418587075d1df6c91eade66823de2f
- SHA256
  
  ade283e1dc7b88a52ca2c0ac149af10ff68dff1709a27dd800936a7345cc6b56
- SHA512
  
  6646e5046ac41a7dc9fd85d0a3cf21cf0a73ec8d124d1f2d04646d486441bc0e7406f810bf4951aac5fe135b8f7d74e104dbeecabea452342fe78a8cecaac055
Score

10^/10

xloader arh2 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2