xloader

General

Target

827aef504e43c4ce730445746334cd50
Size

825KB
Sample

240130-vlg5gsbcep
MD5

827aef504e43c4ce730445746334cd50
SHA1

fd63e75f05627b7e56a692fdadf424076cf494f2
SHA256

b503149e8dd7788175bf26b671aaa1a74120fc7e729ee943aae8d6005607bf29
SHA512

3d78a9c1a4c24b2a42a2ad0d2ae641e6539c5d538aeb1367979baf71b975921ecba318e390345bf26db3cee514a5864f0485ccdebb6fc34f783af37856083493
SSDEEP

12288:w+CK4H5nlb8uYhkOH7DuG0fEXj8l2hh/khDweCje:Z8Zlb853NzC2hlwwrje

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

nwru

Decoy

zjkhyo.com

mogreener.com

galanpresente.com

anthologistliving.com

jfl-info.net

cascobaycuttlerly.com

nefertityeg.com

greatescapefurniture.com

primulashop.com

xn--cittinrete-k4a.com

drugstoire.com

kefaloniabride.com

viralgenstudents.com

makerwl.com

rubyweed.com

badenio.com

smartcontracttraders.com

lcscards-veilig.icu

qf553.com

dnhsxm.com

Targets

- Target
  
  827aef504e43c4ce730445746334cd50
- Size
  
  825KB
- MD5
  
  827aef504e43c4ce730445746334cd50
- SHA1
  
  fd63e75f05627b7e56a692fdadf424076cf494f2
- SHA256
  
  b503149e8dd7788175bf26b671aaa1a74120fc7e729ee943aae8d6005607bf29
- SHA512
  
  3d78a9c1a4c24b2a42a2ad0d2ae641e6539c5d538aeb1367979baf71b975921ecba318e390345bf26db3cee514a5864f0485ccdebb6fc34f783af37856083493
- SSDEEP
  
  12288:w+CK4H5nlb8uYhkOH7DuG0fEXj8l2hh/khDweCje:Z8Zlb853NzC2hlwwrje
Score

10^/10

xloader nwru agilenet loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2