xloader

General

Target

IMG-78293792.exe
Size

356KB
Sample

230523-svdgjsfh53
MD5

cb94f8bf4453d77ed35b4cccad18260c
SHA1

aeacb009addb2152c05a34537f565e66b32b25d2
SHA256

a39d6226eed5913f2f1d77991f011a386453d095689f85eb0ca14aac1d983466
SHA512

7fb17a554481d5ff6c28edd4ee43b9306a8e59ac9f992a2b6d243b2d88eb9daa997bbf5be962f331c6ec282b15e4e67107c233691a6b05d317957072754f4135
SSDEEP

6144:lZwkVnw0KesTf8DZgu2OuQ15Mgkv0StJXgBivzsXjpY/i0un1IC1ewYrbOhpRRRY:lZ7Laf8DqOrRk8+JXUMzeYRun19ewskC

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Targets

- Target
  
  IMG-78293792.exe
- Size
  
  356KB
- MD5
  
  cb94f8bf4453d77ed35b4cccad18260c
- SHA1
  
  aeacb009addb2152c05a34537f565e66b32b25d2
- SHA256
  
  a39d6226eed5913f2f1d77991f011a386453d095689f85eb0ca14aac1d983466
- SHA512
  
  7fb17a554481d5ff6c28edd4ee43b9306a8e59ac9f992a2b6d243b2d88eb9daa997bbf5be962f331c6ec282b15e4e67107c233691a6b05d317957072754f4135
- SSDEEP
  
  6144:lZwkVnw0KesTf8DZgu2OuQ15Mgkv0StJXgBivzsXjpY/i0un1IC1ewYrbOhpRRRY:lZ7Laf8DqOrRk8+JXUMzeYRun19ewskC
Score

10^/10

xloader c6si loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2