xloader

Sharing

Copy URL

Twitter E-mail

General

Target

69d6130e88b7f0157c2c24ceb2cc4a40N
Size

416KB
Sample

240827-x1ptzsxcje
MD5

69d6130e88b7f0157c2c24ceb2cc4a40
SHA1

041718d23c5b77e72dc65490279cb1f34b4bcced
SHA256

07fb86d2d29812a93d65900435235baf42de5cd83e6dfe381f099a1967746aa2
SHA512

f4403c609138c87c8de4da0f36995efe3f1e81289c0840e97d3e4fd35274350ff320cb05747236a3c6f8fd57a2022d6f95c69c3178914f7c2cbc75f800d28e63
SSDEEP

6144:/QqJb5mFCQcGNYpmUIfvlQdFMkbkz13XQCbbGJJPH4hErRqUHvB:z5mFvcyYQhfvWMkbu1nQdJ8OvB

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

or4i

Decoy

cylindberg.com

qsmpy.world

hairmaxxclinic.com

teesfitpro.com

changethecompany.net

painteredmond.com

shebagholdings.com

wasteexport.com

salesclerkadage.life

rainboxs.com

lingoblasterdiscount.com

booweats.com

topcasino-111.com

downtoearthwork.com

carry-hai.com

nassaustreetcorp.com

directflence.com

basictrainningphothos.com

virtualayurveda.com

dar-sanidad.com

Targets

- Target
  
  69d6130e88b7f0157c2c24ceb2cc4a40N
- Size
  
  416KB
- MD5
  
  69d6130e88b7f0157c2c24ceb2cc4a40
- SHA1
  
  041718d23c5b77e72dc65490279cb1f34b4bcced
- SHA256
  
  07fb86d2d29812a93d65900435235baf42de5cd83e6dfe381f099a1967746aa2
- SHA512
  
  f4403c609138c87c8de4da0f36995efe3f1e81289c0840e97d3e4fd35274350ff320cb05747236a3c6f8fd57a2022d6f95c69c3178914f7c2cbc75f800d28e63
- SSDEEP
  
  6144:/QqJb5mFCQcGNYpmUIfvlQdFMkbkz13XQCbbGJJPH4hErRqUHvB:z5mFvcyYQhfvWMkbu1nQdJ8OvB
Score

10^/10

xloader or4i discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  NBProjects/ParticleFirmware/nbproject/private/uninstall-particle-toolchain.exe
- Size
  
  237KB
- MD5
  
  aa7c7b873d2a0133e64134bc4896bedc
- SHA1
  
  68981e95cabdec76010ce08e92f92c784733e09b
- SHA256
  
  78c90c652b38540b7835c9458f3b72197fe869bb62fe49502564acf56a4e6da9
- SHA512
  
  26cf821e76dbe4b7d746f4bb7bf993cb377256faff5d2958fa59b72a670497398852ee774f24540abeeddf80ed795468dee3a564c80dec41e880ccd1f7ebafd7
- SSDEEP
  
  3072:/Lk395hYXJBI265dEWAFwlSncsJHZ1MCKWNfgpm5IKqIfvlVG3dTTMkB:/QqIb5mFCQcGNYpmUIfvlQdkkB
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8