xloader

General

Target

2a11ef715093c4429cd05dc3950c7f89.bin
Size

328KB
Sample

230525-bglgkaga4w
MD5

02fb1cb00af352901c712f129049b0b7
SHA1

2625ca93ebd505a331e217c79920c2fe6fc82ffe
SHA256

9348d147d1f5ed420fed457cca4ccde6479c966788f948e67ce2031472186cc0
SHA512

c38e2538a875369b18cc89f5a7b28faf135f412505f2f2bff5599571538f0ba61ac3f770b3b0bb15d7ade06b279fb669a2500ac99590cb09fae5cd711d375ae5
SSDEEP

6144:xik8NxO2BUn5uWoonKm42dIivvSWmvqkArue0hIp2F//JIfgbY/nnDQfUJ7:x9AA2DWEm42dIiTcqbruv//JNbY/D/J7

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Targets

- Target
  
  50df1fc76a41a970a44ac40efdd0113c599a7091891dc13c25e78abe52a97158.exe
- Size
  
  341KB
- MD5
  
  2a11ef715093c4429cd05dc3950c7f89
- SHA1
  
  3199e3c72fc349d9cce951c2c8830d88a8da4454
- SHA256
  
  50df1fc76a41a970a44ac40efdd0113c599a7091891dc13c25e78abe52a97158
- SHA512
  
  24f2d7a608d421258334144217e97dccdeb023d5e621774f213eda210a8937df0c7d12cfd02e8c96d5951011d6142a320ca3b40bedb8ac6ad5f95ccc6d3d2d0a
- SSDEEP
  
  6144:HqPwmYdAbc0C3LFDDOQmjUi0GL9jDAlPMKpPbd6j62AeI4KR0VoFtDFF7g:HqPwmYdAbc0CboQmjIGN6Pzd6j6/eWtU
Score

10^/10

xloader c6si loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2