xloader

General

Target

2510a64e022d6fa641f39da3bf2fc4d74cd00fb50b6bf0a77ab559c0af51245b
Size

206KB
Sample

230129-xv81nsad82
MD5

bdf87b4a29e49c1600fe706db9e8cb32
SHA1

b43ee84e788f95271f5605368b4e3889313ad92b
SHA256

2510a64e022d6fa641f39da3bf2fc4d74cd00fb50b6bf0a77ab559c0af51245b
SHA512

bfb44e54994d58110b61e5a63ca9f67acfb01e165dff5892676318504d3a894d4d723b04bb1fd8e2e9550d4ca415ad5affd707528b5b1d694669a0b6edf3c1f6
SSDEEP

6144:59X0GphY2H0ThHcKuhcC5KCPizFV3hWO/+r4lxajH2Qqsn:/0AT0TwcK/ZScjWe

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

jzvu

Decoy

rezabird.com

amthebomb.com

cqfsc.net

scottgesslerdesign.com

australianhempco.com

digitalkn.com

theoneandonlytattoostudio.com

chaing-list.xyz

technicaljanu.com

tigerkid.net

mels.ink

adassadelacruz.com

deep-freezers.xyz

kundanbangles.com

88840678.com

xiaonaphotography.online

john-heer-stuttgart.com

gumrukihalesi.com

veekasdoshi.com

purathanam.com

Targets

- Target
  
  2510a64e022d6fa641f39da3bf2fc4d74cd00fb50b6bf0a77ab559c0af51245b
- Size
  
  206KB
- MD5
  
  bdf87b4a29e49c1600fe706db9e8cb32
- SHA1
  
  b43ee84e788f95271f5605368b4e3889313ad92b
- SHA256
  
  2510a64e022d6fa641f39da3bf2fc4d74cd00fb50b6bf0a77ab559c0af51245b
- SHA512
  
  bfb44e54994d58110b61e5a63ca9f67acfb01e165dff5892676318504d3a894d4d723b04bb1fd8e2e9550d4ca415ad5affd707528b5b1d694669a0b6edf3c1f6
- SSDEEP
  
  6144:59X0GphY2H0ThHcKuhcC5KCPizFV3hWO/+r4lxajH2Qqsn:/0AT0TwcK/ZScjWe
Score

10^/10

xloader jzvu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2