xloader

General

Target

c3b5dbd271b8f701857d730998df493fb0e9aaa622b6fe89b9c85a0d3adab187
Size

406KB
Sample

220520-19jk4saaek
MD5

a1ef01a276d390ae1aba8d07c1413f54
SHA1

f83f7f501c858398fdb7ecdd2850e76a9fe35308
SHA256

c3b5dbd271b8f701857d730998df493fb0e9aaa622b6fe89b9c85a0d3adab187
SHA512

7de2a3635d75a388b5f3f95becb11003b243d8ae27991e33cb12920801a0e2f30cc2b8fb46d01f5fd6901764a91a2ec16e2eae1d6a5217ebe681bc8acd83fa9c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

iwnn

Decoy

laerteskft.com

growingstrongbook.com

bridgecounsel.com

takeabreakfromwork.com

www2998s.com

rvaimportados.com

zelfstandigondernemen.online

connectinglifes.com

ecopt.win

bwwvuih.com

designingbeyondmyeloma.com

apprentisageaplus.com

walkintubstoday.sale

littlemexicoimports.com

getaltai.com

sbd55999.com

nu000.com

theconsciouscookingcompany.com

jelancer.com

osusume-toushiseminar.com

Targets

- Target
  
  request for quotation and samples Nos 0708090504 0692168035 0567034016 0607089403 0506079436.exe
- Size
  
  594KB
- MD5
  
  2ebf35cd8c5a7b7f0a590b1599e35e16
- SHA1
  
  20fb8d99b1da85cce1a1f24f9d6055c981578197
- SHA256
  
  c940837494435b53d54b6b4349031a14bf5db905a22b7601e34deb851b109715
- SHA512
  
  beb54bedb0ea0f5f3bb7ca780c732b5f0f0f20c0af991701d6bb2a2bdf9ee0f434c61044d5572a8b470f68de20ddd147b505e9e54bc5bbebb2b3c50b821f5810
Score

10^/10

xloader iwnn loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2