xloader

General

Target

bf440163ce243020c6176547d0ba56bb
Size

182KB
Sample

240310-3pqj2aef2z
MD5

bf440163ce243020c6176547d0ba56bb
SHA1

8cd2750d0124b50e67a632f60a8c9de432ca05a9
SHA256

8946198c40b9dcbf3fd6ecf3a1db106d798f098a8324858b82e7e692508aac28
SHA512

f5f022dce2b4389d55ffff8e5c4567d6b67d7754cd400e89abbbfde3cf17f01fa16d733c60ed435ab06f9c4a6f08b9b206b1454bd3847ee6e1105c6275bb97b9
SSDEEP

3072:Te8SpBkrsoFYoLR3DzAaNlrvJfRiDrdYGlT3Kn/hmN236SF1XwHYau:FSp8fRAIrv1oDrdYsrKnpmNRSRw4n

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p086

Decoy

jinshichain.com

worldpettraveler.com

hightecforpc.com

kj97fm.com

streetnewstv.com

webrew.club

wheretogodubai.com

apostapolitica.net

thecafy.com

vinelosangeles.com

gashinc.com

gutitout.net

bvd-invest.com

realtoroutdesk.com

lawnbowlstournaments.net

nobodyisillegal.com

abogadoorihuela.net

sanistela.com

jksecurityworld.com

peppermintproject.com

Targets

- Target
  
  bf440163ce243020c6176547d0ba56bb
- Size
  
  182KB
- MD5
  
  bf440163ce243020c6176547d0ba56bb
- SHA1
  
  8cd2750d0124b50e67a632f60a8c9de432ca05a9
- SHA256
  
  8946198c40b9dcbf3fd6ecf3a1db106d798f098a8324858b82e7e692508aac28
- SHA512
  
  f5f022dce2b4389d55ffff8e5c4567d6b67d7754cd400e89abbbfde3cf17f01fa16d733c60ed435ab06f9c4a6f08b9b206b1454bd3847ee6e1105c6275bb97b9
- SSDEEP
  
  3072:Te8SpBkrsoFYoLR3DzAaNlrvJfRiDrdYGlT3Kn/hmN236SF1XwHYau:FSp8fRAIrv1oDrdYsrKnpmNRSRw4n
Score

10^/10

xloader p086 loader rat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2