xloader

General

Target

f7d7da0700921b339807b5977c36fce50742c5ce87f432d357f9d3e8e683785a
Size

352KB
Sample

230425-lyx7ssbe9w
MD5

fc7eb63804088472b1cac1ac9fe5d16f
SHA1

63205c7b5c84296478f1ad7d335aa06b8b7da536
SHA256

f7d7da0700921b339807b5977c36fce50742c5ce87f432d357f9d3e8e683785a
SHA512

57c0dcf7689e04e172d4adfdd6295618cb5695034739a4c57d0fd871b864345e54dd05ed5c3475579ff742c947202618c59db0ea351f52521e1cf7622f007734
SSDEEP

6144:UwxU76BJzteu9g8LJId0ER61it8LeZf5sm22UPLwkkBPPmK4vQniV:JU74eYg8ddER6C8LCKJ6PPmJvQiV

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

d6cd

Decoy

fatmerlion.com

gpo777.com

pacpointfg.com

s3k9r3de.com

jakitrade.com

tmsweets.biz

goodfoodsme.com

teddydefi.com

banahinvestments.com

kuvinziarno.quest

gma-bea10.com

onepotato.xyz

olympusconstructioncompany.com

amvids.info

tmc.wiki

swiftlybliss.com

provopreserve.com

rsvprose.com

staffremotely.com

diversifiedcontractingla.com

Targets

- Target
  
  f7d7da0700921b339807b5977c36fce50742c5ce87f432d357f9d3e8e683785a
- Size
  
  352KB
- MD5
  
  fc7eb63804088472b1cac1ac9fe5d16f
- SHA1
  
  63205c7b5c84296478f1ad7d335aa06b8b7da536
- SHA256
  
  f7d7da0700921b339807b5977c36fce50742c5ce87f432d357f9d3e8e683785a
- SHA512
  
  57c0dcf7689e04e172d4adfdd6295618cb5695034739a4c57d0fd871b864345e54dd05ed5c3475579ff742c947202618c59db0ea351f52521e1cf7622f007734
- SSDEEP
  
  6144:UwxU76BJzteu9g8LJId0ER61it8LeZf5sm22UPLwkkBPPmK4vQniV:JU74eYg8ddER6C8LCKJ6PPmJvQiV
Score

10^/10

xloader d6cd loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2