xloader

General

Target

output.199875276.rar
Size

213KB
Sample

230130-zmhjvsed2z
MD5

d539d007fb26f7b0a9292f2b0a12529f
SHA1

60a11149ee2f19560a4179276d19bb56eac2dfb3
SHA256

1a41a5bf751fd2deb7cf46b231e45843adc5f036149979de847c053177be2eb8
SHA512

68c82cc8b2fb78d297950b35e9293354fb09b2d8fc26b2bd0d8d80dbacc28fc4d21f7889c0cac7325e23c49d3f527a820551d685300c0693b34ca6434d88bc4f
SSDEEP

3072:TfK0+v+mkHKLxpoSEd3FpOwB+C5VNfcFg20pbhJ2ZhX3q3uupt0Q89eJO34OKW+y:Ev+X+zoSeFhr5PcFrEbuZxq3unl3itZq

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dx3n

Decoy

polebear.xyz

luciamoca.com

185451.com

bookfriendspodcast.net

reliancetechsolutions.com

wuzuiso.com

ig-representative.com

ryotaohno.com

wlnhcl.com

oasispoolth.com

fo71.com

storyandidentity.com

sayarpro.com

arrow-electronics-corps.net

brasbux.com

nigeriaafricasummit.com

choud.store

medicareopenenrollment.info

amlhcz.com

fdklflkdioerklfdke.store

Targets

- Target
  
  swiftcopy.exe
- Size
  
  226KB
- MD5
  
  403a0ec6b998f324dda677547ac8ec79
- SHA1
  
  2e9fcc41db347d053ec58de6881527a9f529edef
- SHA256
  
  7d53754fb2eb6479e9d71d07036133421f4d153ec252873c7beeb619f762a90f
- SHA512
  
  0608941d064e2e3121ee4a02dba4f486ba7c997b14405b2e6d63102566bb65fbc242bb25ef424b5f1ddf07e7bc7e8226b916a00e85fc6d8d2408e966cbeb891b
- SSDEEP
  
  3072:qyiLF8DnmJpNG/f90oL1yq8ogAQLxLmqjPXrxgUuUj14xy9WmfvuuWlAqXJeDg+P:qGV/l0oL1TToMqTVgfUs8efDJe81aL9f
Score

10^/10

xloader dx3n loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2