xloader

General

Target

163a61f30478a21a6e91765d09fdbb51
Size

807KB
Sample

231230-mrb7esbddl
MD5

163a61f30478a21a6e91765d09fdbb51
SHA1

7baf2e6911e114946ebb7e6475cb7b74ab6af343
SHA256

be230035f1e1b86c687d94ba142e56f1859cbee72cce927a62047e04b30b7807
SHA512

17e63aeeb25be473e1b6c80d84e9a94d1f249900c3406fabe71971c24d500d7855d8fc36f855ec52c4b96b37d40f3bf11c312308a54c84c7afab0c5369bf3e45
SSDEEP

12288:ixx3htjxnAqZ6oR65AXwgFvuSSSII920CdUjRQg75zsDxrK4EFA1lN3mgR3mEuK:ixx32oR6qge920CdUjvSpK/KXNV3mI

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u3r5

Decoy

alashan.ltd

demopagephequan.online

garxznql.icu

unetart.com

dajiangzhibo15.com

influencer.fund

beverlyhills.city

strefafryzur.net

giftboxhawaii.com

ecotiare.com

homeandgardenradioshow.com

sageandsandco.com

laflesoley.com

icipatanegra.online

autovistoriapredial.net

xn--polenezkypark-pmb.com

cbdamic.com

aaronandmarissa.com

datasoma.digital

theclosetology.com

Targets

- Target
  
  163a61f30478a21a6e91765d09fdbb51
- Size
  
  807KB
- MD5
  
  163a61f30478a21a6e91765d09fdbb51
- SHA1
  
  7baf2e6911e114946ebb7e6475cb7b74ab6af343
- SHA256
  
  be230035f1e1b86c687d94ba142e56f1859cbee72cce927a62047e04b30b7807
- SHA512
  
  17e63aeeb25be473e1b6c80d84e9a94d1f249900c3406fabe71971c24d500d7855d8fc36f855ec52c4b96b37d40f3bf11c312308a54c84c7afab0c5369bf3e45
- SSDEEP
  
  12288:ixx3htjxnAqZ6oR65AXwgFvuSSSII920CdUjRQg75zsDxrK4EFA1lN3mgR3mEuK:ixx32oR6qge920CdUjvSpK/KXNV3mI
Score

10^/10

xloader u3r5 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2