xloader

General

Target

SecuriteInfo.com.Trojan.Siggen13.26903.17178.23786.exe
Size

761KB
Sample

220906-q4nyjadgf8
MD5

be71fd7430e0e60837a7213a70cee935
SHA1

1ae6e21d3f4a66fadf474d3ce61c729ef14e4e3b
SHA256

efa3e40934344f2397c3494cbf46481ad7d51134e9da157ccfc9d4a9e6e8cbd9
SHA512

929ce836ba1a301384264d2a9b098c2f71e4e54ee4ae29e3c4fed5edd76280662cee1971a7631bf815a095a7ebe8c74d95529894d6581b8e12d8b1ccae19c601
SSDEEP

6144:7k5KtUlIt5bY+nRtAWa1dp60xMd2g8/4tEFHW/8Ehr+Ds0NXi6+TMSnnJvkCx2X8:7k5lIt7R6XlzgeZH48zNIJV3HVNRE

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

epns

Decoy

lifecrops.com

shortexts.com

movemusica.com

transitionwithdrola.com

zhangwuyou.net

hustletohealth.com

prantuca.com

kellyconley.net

imbada.com

zeus-media-archive.xyz

mowushenyun.com

ponchakazumi.com

howtowhittle.com

screweytimes.com

alwasatalfany.com

arabaalangaleriler.com

liquidmarin.com

celvljiaoyi.com

pluscrown.com

blu-shop.com

Targets

- Target
  
  SecuriteInfo.com.Trojan.Siggen13.26903.17178.23786.exe
- Size
  
  761KB
- MD5
  
  be71fd7430e0e60837a7213a70cee935
- SHA1
  
  1ae6e21d3f4a66fadf474d3ce61c729ef14e4e3b
- SHA256
  
  efa3e40934344f2397c3494cbf46481ad7d51134e9da157ccfc9d4a9e6e8cbd9
- SHA512
  
  929ce836ba1a301384264d2a9b098c2f71e4e54ee4ae29e3c4fed5edd76280662cee1971a7631bf815a095a7ebe8c74d95529894d6581b8e12d8b1ccae19c601
- SSDEEP
  
  6144:7k5KtUlIt5bY+nRtAWa1dp60xMd2g8/4tEFHW/8Ehr+Ds0NXi6+TMSnnJvkCx2X8:7k5lIt7R6XlzgeZH48zNIJV3HVNRE
Score

10^/10

xloader epns loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Blocklisted process makes network request

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2