xloader

General

Target

e00c78c89894028be70f0125ab20cc5919d39930fb98d01b367c3f05d69029ce.exe
Size

214KB
Sample

240726-g7bypsvdkb
MD5

3e63f636a493ee210b6627e63c954665
SHA1

07edabeb3c3375043de5a0a2af222a9888e40c75
SHA256

e00c78c89894028be70f0125ab20cc5919d39930fb98d01b367c3f05d69029ce
SHA512

4bea9a7c13ff9543532bbbb5ef1497bf3d31d03d1629365d962e953695ebc4d77dde329b451e1b07cdf18c3883d22df2e58b2602e116e32bc4292e027b2c0a42
SSDEEP

6144:oNeZg14JHXuf5KmE+rZOuTdcC2xIC90pLXg4Psgf:oN8HXG1NOiSPxbCLX7PsO

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hsot

Decoy

carefile.icu

autrement-dit-translation.com

openft.xyz

hip-express.com

snowwisdom.com

effort-less.xyz

cardiopulmonaryservices.com

mednotics.com

hxtz54.com

sendex.global

getemergencyfood.com

xn--ekr703aymjgvi.group

whitmanrandolphmath.com

theunitedgamingleague.net

sxqnx.com

finessemovement.com

srsremodelinginc.com

shuddhiorganics.com

tlichomedical.com

millennium.school

Targets

- Target
  
  e00c78c89894028be70f0125ab20cc5919d39930fb98d01b367c3f05d69029ce.exe
- Size
  
  214KB
- MD5
  
  3e63f636a493ee210b6627e63c954665
- SHA1
  
  07edabeb3c3375043de5a0a2af222a9888e40c75
- SHA256
  
  e00c78c89894028be70f0125ab20cc5919d39930fb98d01b367c3f05d69029ce
- SHA512
  
  4bea9a7c13ff9543532bbbb5ef1497bf3d31d03d1629365d962e953695ebc4d77dde329b451e1b07cdf18c3883d22df2e58b2602e116e32bc4292e027b2c0a42
- SSDEEP
  
  6144:oNeZg14JHXuf5KmE+rZOuTdcC2xIC90pLXg4Psgf:oN8HXG1NOiSPxbCLX7PsO
Score

10^/10

xloader hsot discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  gynoox.exe
- Size
  
  3KB
- MD5
  
  c81d16f671e6bdf7f5ae1c7003856717
- SHA1
  
  031ae8483b93c7040fb327d1141dfafa636b75bb
- SHA256
  
  ea757de6b7cb2593fbdac083b42f2143812370c864e30c8c461de152664e9a1f
- SHA512
  
  f08e25b1f3ba7e58b4f4993b4cf4079e45c132dc85f6f323eba83c4a92d61e76c74a0b264802aabc031f08f13d291d1c6556bd8d7747ba5f37b306346bc732f8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4