xloader

General

Target

1969c26ba1e1f151c347b1b899dd05d3aacd571286dd7fad25f5e6489a5ef342
Size

204KB
Sample

230129-xv9xzaad83
MD5

9c40dfd68039060b4349a2222783b9a5
SHA1

26fd3e9ab2553b20259933ec4448ea1638f12399
SHA256

1969c26ba1e1f151c347b1b899dd05d3aacd571286dd7fad25f5e6489a5ef342
SHA512

f19eca17bf73a7c26f4b6445135ac884ca353301f7591d05e2fb96205320ecbda94f2455f225ca94aba0b39c4a67ed925495757e75f58b4c40a72c200952db92
SSDEEP

3072:5f1BDZ0kVB67Duw9AMcobKRWyOjMi7UdJixOTWY9SyjD0kyWpQMhRR5WxJenaE6J:59X0GiYOz7USxOTDSyjD0kTn8CnWJ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gh6n

Decoy

cpschoolsschoology.com

thestocksforum.com

pixiewish.com

sopressd.com

muktokontha.com

tiejiabang.net

fdo.technology

kuringnl.com

barbarapastor.com

21stcenturytrading.com

digiwarung.com

canvafynyc.com

forfaitinghouse.com

3704368.com

mymonwero.com

ponpow.com

fringe.golf

heartfeltindonesia.com

defensivedrivercpc.com

allaboutgt.com

Targets

- Target
  
  1969c26ba1e1f151c347b1b899dd05d3aacd571286dd7fad25f5e6489a5ef342
- Size
  
  204KB
- MD5
  
  9c40dfd68039060b4349a2222783b9a5
- SHA1
  
  26fd3e9ab2553b20259933ec4448ea1638f12399
- SHA256
  
  1969c26ba1e1f151c347b1b899dd05d3aacd571286dd7fad25f5e6489a5ef342
- SHA512
  
  f19eca17bf73a7c26f4b6445135ac884ca353301f7591d05e2fb96205320ecbda94f2455f225ca94aba0b39c4a67ed925495757e75f58b4c40a72c200952db92
- SSDEEP
  
  3072:5f1BDZ0kVB67Duw9AMcobKRWyOjMi7UdJixOTWY9SyjD0kyWpQMhRR5WxJenaE6J:59X0GiYOz7USxOTDSyjD0kTn8CnWJ
Score

10^/10

xloader gh6n loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2