xloader

Sharing

Copy URL

Twitter E-mail

General

Target

0343f7d9824f51e45c9cc6ffbe4a1c20N
Size

212KB
Sample

240826-tgtgaateqq
MD5

0343f7d9824f51e45c9cc6ffbe4a1c20
SHA1

81ea1a3648e3b9d4903398502cc5ac8fbd0a843a
SHA256

915e637e9e56872ab8f1318ea2aa2434c5161cd6bf289076ebecac66db6bd25b
SHA512

83c21afce52224b8b70be568e7bc6d90a4539984c627979bf7a1d172396e054496dd981ac95b0e8b0332467e9214188929974ec49fd5068f2f3b91e9f5e6b2e3
SSDEEP

3072:jLk395hYXJLM/6tdrHF3AHEAHVxd/Y/6fV4xRrB9sTQt4Ge9tBBTWw0vlT4H7n+B:jQqqWQkAHJX4XYkY9Pow0vlT4+B

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ntfs

Decoy

muhammedunal.com

humanvitality.site

thebookofgremlins.com

jamsoles.online

lakelasvegas.homes

fairplay.site

stanversity.com

palacinkaneiva.com

chaseinbox.com

wakeycare.com

habitastulum.net

fundacjacd.com

2wxuit.com

igamingmediahq.com

umannedresearchlaboratories.com

bonedex.com

ebaiyoservices.co.uk

organichorsemanship.com

spanishbyhk.com

stepfields.com

Targets

- Target
  
  0343f7d9824f51e45c9cc6ffbe4a1c20N
- Size
  
  212KB
- MD5
  
  0343f7d9824f51e45c9cc6ffbe4a1c20
- SHA1
  
  81ea1a3648e3b9d4903398502cc5ac8fbd0a843a
- SHA256
  
  915e637e9e56872ab8f1318ea2aa2434c5161cd6bf289076ebecac66db6bd25b
- SHA512
  
  83c21afce52224b8b70be568e7bc6d90a4539984c627979bf7a1d172396e054496dd981ac95b0e8b0332467e9214188929974ec49fd5068f2f3b91e9f5e6b2e3
- SSDEEP
  
  3072:jLk395hYXJLM/6tdrHF3AHEAHVxd/Y/6fV4xRrB9sTQt4Ge9tBBTWw0vlT4H7n+B:jQqqWQkAHJX4XYkY9Pow0vlT4+B
Score

10^/10

xloader ntfs discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  NBProjects/ParticleFirmware/nbproject/private/uninstall-particle-toolchain.exe
- Size
  
  32KB
- MD5
  
  faef2ffcd408eda3698879ad1bc0bff7
- SHA1
  
  ea8bdc37b82e66a7492b30af7174dd4fd0f69ce8
- SHA256
  
  be0fdf6ef1bd4bc0768b90bbb001995b572d65993e23c7fe04d4ba516a0f51b7
- SHA512
  
  cab31df32bea8abd7a31ff4dfec9aaf6683bd9a887672da98eb252b01a7972d5cb016c8262f6c64417c600f4c55717d6f6674246ef9a63976f96a5e77c57875a
- SSDEEP
  
  768:44wO7XBz+5Qm3W0tYdrQZHV4EWuWEUOg4jjfS3XJlJRnSMhCKQD:jLXB65939tY6HBg4sXJ4MkZD
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8