xloader

General

Target

230619-x195xsfg88_pw_infected.zip
Size

328KB
Sample

240415-27rz5sah29
MD5

6899964a5171acc0df6afcd4e3ba7c3d
SHA1

1be58fc3059b95290e55b45ca3939adac139d8e0
SHA256

af2b21a69de30c1e874d99bf4f2780a28385eafcb57f48598714019e7504cfec
SHA512

8b5c416757d436a402a65578c9e888f61d46c88f43e796c5a36a42ba2012c6e7cf87c93333d97cef70b6c3acc53f8279058473cc61d8e2954790fc80bc32fd02
SSDEEP

6144:7sl6uAnpm5xWSMy7A0tUNWn2C1fI4SxKuUs0eW3T+nETMCv:Il6u4j67AVis4SxKns0/FwCv

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Targets

- Target
  
  230619-x195xsfg88_pw_infected.zip
- Size
  
  328KB
- MD5
  
  6899964a5171acc0df6afcd4e3ba7c3d
- SHA1
  
  1be58fc3059b95290e55b45ca3939adac139d8e0
- SHA256
  
  af2b21a69de30c1e874d99bf4f2780a28385eafcb57f48598714019e7504cfec
- SHA512
  
  8b5c416757d436a402a65578c9e888f61d46c88f43e796c5a36a42ba2012c6e7cf87c93333d97cef70b6c3acc53f8279058473cc61d8e2954790fc80bc32fd02
- SSDEEP
  
  6144:7sl6uAnpm5xWSMy7A0tUNWn2C1fI4SxKuUs0eW3T+nETMCv:Il6u4j67AVis4SxKns0/FwCv
Score

3^/10
behavioral1 behavioral2
- Target
  
  IMG_38575943.exe
- Size
  
  341KB
- MD5
  
  2a11ef715093c4429cd05dc3950c7f89
- SHA1
  
  3199e3c72fc349d9cce951c2c8830d88a8da4454
- SHA256
  
  50df1fc76a41a970a44ac40efdd0113c599a7091891dc13c25e78abe52a97158
- SHA512
  
  24f2d7a608d421258334144217e97dccdeb023d5e621774f213eda210a8937df0c7d12cfd02e8c96d5951011d6142a320ca3b40bedb8ac6ad5f95ccc6d3d2d0a
- SSDEEP
  
  6144:HqPwmYdAbc0C3LFDDOQmjUi0GL9jDAlPMKpPbd6j62AeI4KR0VoFtDFF7g:HqPwmYdAbc0CboQmjIGN6Pzd6j6/eWtU
Score

10^/10

xloader c6si loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4