xloader

General

Target

878d3737d37df4d4c182b487150a9a3b
Size

483KB
Sample

221018-x35m8adhap
MD5

878d3737d37df4d4c182b487150a9a3b
SHA1

f0c6fa4e07a177e77f979657f776a9c2502fd761
SHA256

f909b01e39d01f3881f9c169b789693674d0912b8d38708fe90985668aed2cba
SHA512

71579aaa4342967d82ace7b23c05aacf7cdea7f6eb39e797d5ee6dff0009e23a52f44fc5a88afebefc3dcf3f6bd9d983f0cd40167a478f586a07c47a8f063f20
SSDEEP

12288:coCXITNWPlXFzH/IrA7qNfkG2NgDCdWZSvt5Y7:coCYUPlX/mFoCCqq5Y7

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b80i

Decoy

yixuan5.com

jiazheng369.com

danielleefelipe.net

micorgas.com

uvywah.com

nbjcgl.com

streets4suites.com

hempgotas.com

postmoon.xyz

gaboshoes.com

pastodwes.com

libes.asia

damusalama.com

youngliving1.com

mollyagee.com

branchwallet.com

seebuehnegoerlitz.com

inventors.community

teentykarm.quest

927291.com

Targets

- Target
  
  Request for Quotation.exe
- Size
  
  556KB
- MD5
  
  cfe607172762768ef0d28bd9d46459bd
- SHA1
  
  09c2fcae04979ac5eaa9a30efef0e59aa5bf034d
- SHA256
  
  08d17b9c0d3ab4eb79a38b0a500655f9f47bc3468718ae5b61d59d0b2b687e53
- SHA512
  
  f3931157cffc40e4aa783261cbbf59fe1698c637c2460dd98828eb0902e66dd006d3aa0e15a9cf17dd1a0396598842c970080ebf7b809813312fc0acdc229714
- SSDEEP
  
  12288:hIlLNX+OnUoEIf9SBB4GgW+0PY0oInE8cZCcNTRA:OlLNX+OnUoeBB4G/3P3oInERCEd
Score

10^/10

xloader b80i loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2