xloader

General

Target

cb94f8bf4453d77ed35b4cccad18260c.bin
Size

339KB
Sample

230525-b87h4sfg35
MD5

ccef4bf89786481d9c2ac8e59ff20caf
SHA1

4e2c532135b6db722fbc46dab29dc6ba38d7185b
SHA256

ad448bb6ae092edc75f674601f4cffefcb02a017390ec76359e7e8191bedef70
SHA512

fa3238ad0c526c4e0490cfe8efb99ac2fbe0ffc38692be53fc4e83b7a462cf38230dd6fe45ef71641dd943af23222192fe627d1ccec021977ae6fa7d70874df5
SSDEEP

6144:fX6ip1vzKS4KatL3IlZ/qPj/g0vhQlfnw5y/oWyN6xnfeSUoTKRIjpNHDZipabZL:fXlFzT4KY38Z/qPjo0v6o5aysNyRupN9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Targets

- Target
  
  a39d6226eed5913f2f1d77991f011a386453d095689f85eb0ca14aac1d983466.exe
- Size
  
  356KB
- MD5
  
  cb94f8bf4453d77ed35b4cccad18260c
- SHA1
  
  aeacb009addb2152c05a34537f565e66b32b25d2
- SHA256
  
  a39d6226eed5913f2f1d77991f011a386453d095689f85eb0ca14aac1d983466
- SHA512
  
  7fb17a554481d5ff6c28edd4ee43b9306a8e59ac9f992a2b6d243b2d88eb9daa997bbf5be962f331c6ec282b15e4e67107c233691a6b05d317957072754f4135
- SSDEEP
  
  6144:lZwkVnw0KesTf8DZgu2OuQ15Mgkv0StJXgBivzsXjpY/i0un1IC1ewYrbOhpRRRY:lZ7Laf8DqOrRk8+JXUMzeYRun19ewskC
Score

10^/10

xloader c6si loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2