xloader

General

Target

0x000400000001abf7-133.dat
Size

163KB
Sample

220808-hbjjcaeehn
MD5

3f30211b37614224df9a078c65d4f6a0
SHA1

c8fd1bb4535f92df26a3550b7751076269270387
SHA256

a7059eb53ea10d1bb978e42d833069c10e6f472704c699228cfb84f94464a507
SHA512

24c6e7fb437d95ab074c30412cf7f99d00d61872721ad53c98843a3176172892e3278cc708717f5a601939f54a8dd6fd3c9aa6832fdac6f4633b1076e8b85939

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s0iw

Decoy

ortopediamodelo.com

orimshirts.store

universecatholicweekly.info

yvettechan.com

sersaudavelsempre.online

face-booking.net

europeanretailgroup.com

umofan.com

roemahbajumuslim.online

joyrosecuisine.net

3dmaker.house

megdb.xyz

stereoshopie.info

gv5rm.com

tdc-trust.com

mcglobal.club

choral.works

onlineconsultantgroup.com

friscopaintandbody.com

midwestii.com

Targets

- Target
  
  0x000400000001abf7-133.dat
- Size
  
  163KB
- MD5
  
  3f30211b37614224df9a078c65d4f6a0
- SHA1
  
  c8fd1bb4535f92df26a3550b7751076269270387
- SHA256
  
  a7059eb53ea10d1bb978e42d833069c10e6f472704c699228cfb84f94464a507
- SHA512
  
  24c6e7fb437d95ab074c30412cf7f99d00d61872721ad53c98843a3176172892e3278cc708717f5a601939f54a8dd6fd3c9aa6832fdac6f4633b1076e8b85939
Score

10^/10

xloader s0iw loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2