xloader

Resubmissions

20/04/2024, 01:16 UTC

240420-bmxf1sdd8s 10

20/04/2024, 01:12 UTC

240420-bksp2sdc9s 10

Sharing

Copy URL

Twitter E-mail

General

Target

IMG_38575943.exe
Size

341KB
Sample

240420-bksp2sdc9s
MD5

2a11ef715093c4429cd05dc3950c7f89
SHA1

3199e3c72fc349d9cce951c2c8830d88a8da4454
SHA256

50df1fc76a41a970a44ac40efdd0113c599a7091891dc13c25e78abe52a97158
SHA512

24f2d7a608d421258334144217e97dccdeb023d5e621774f213eda210a8937df0c7d12cfd02e8c96d5951011d6142a320ca3b40bedb8ac6ad5f95ccc6d3d2d0a
SSDEEP

6144:HqPwmYdAbc0C3LFDDOQmjUi0GL9jDAlPMKpPbd6j62AeI4KR0VoFtDFF7g:HqPwmYdAbc0CboQmjIGN6Pzd6j6/eWtU

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Targets

- Target
  
  IMG_38575943.exe
- Size
  
  341KB
- MD5
  
  2a11ef715093c4429cd05dc3950c7f89
- SHA1
  
  3199e3c72fc349d9cce951c2c8830d88a8da4454
- SHA256
  
  50df1fc76a41a970a44ac40efdd0113c599a7091891dc13c25e78abe52a97158
- SHA512
  
  24f2d7a608d421258334144217e97dccdeb023d5e621774f213eda210a8937df0c7d12cfd02e8c96d5951011d6142a320ca3b40bedb8ac6ad5f95ccc6d3d2d0a
- SSDEEP
  
  6144:HqPwmYdAbc0C3LFDDOQmjUi0GL9jDAlPMKpPbd6j62AeI4KR0VoFtDFF7g:HqPwmYdAbc0CboQmjIGN6Pzd6j6/eWtU
Score

10^/10

xloader c6si loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.