xloader

General

Target

7803526144.zip
Size

509KB
Sample

220804-plxx2sfggj
MD5

ccadcf7dfd967cf762c65cf2c723861c
SHA1

96fe892c4897d086e35838b9636fddf2c6b70ecb
SHA256

7a7e0f16c71d3934e048397686fcb78781c77db16bf0b2f8852a38898d2aecee
SHA512

0867c0c7a006c5355a568fd4eeb7ced2af43da848a34866e07469b608d7490d1d4d0724facbcea8bd50cc375053bc504091ead7703495be21abee7c26865bfeb

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

r007

Decoy

trashpandaservice.com

mobileads.network

ascolstore.com

gelsinextra.com

bonestell.net

heitoll.xyz

ceapgis.com

mon-lapin.biz

miq-eva.com

rematedesillas.com

playingonline.xyz

hausense.quest

tnyzw.com

appsdial.com

addcolor.city

hagenoblog.com

michaelwesleyj.com

she-zain.com

lorhsems.com

karmaserena.com

Targets

- Target
  
  13bd267ca3d7af495f8cd8f72daf3ea997312671eafe9992a88768e4f3ecc601
- Size
  
  556KB
- MD5
  
  a505757fb36d0c2945985135b1de90cb
- SHA1
  
  0f90b28aa225725493ef72a9915bf0c5082ff992
- SHA256
  
  13bd267ca3d7af495f8cd8f72daf3ea997312671eafe9992a88768e4f3ecc601
- SHA512
  
  37d993fcb3774673a840d4e13e768c7160120c04746972f8efed6c4687e9872fcc175849193510190fbc5047ce89abcce5c3457955b85e7912c09c12b1f0f011
Score

10^/10

xloader r007 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3