xloader

General

Target

6048d2cc24be326d2ede052bb52c19fa.zip
Size

386KB
Sample

240831-bzerqsyale
MD5

a7d28785e1b83d510c29a6bd34b7044a
SHA1

fbc3eeabe3886fea69a39b91f53ec3550dbbd4eb
SHA256

2ea5c66405be0aa4503f7379be6c3520afd5f82784571825fb5032c96d59397c
SHA512

92fe47dd003ced1fff5b03a0f255b631b5c5fc81a5fe0a02fe39fc3b9d19ee9f69d7a36e17dc74a255f85955be76ef516d4ea8e3372e8ad4fc84eab6231a4c53
SSDEEP

6144:UYmR8tVnLCB7H6YIQSbPIvkq2Bfwf2QmLfvMCtqxUbYpNbeFwVfjZ6E9ZzddN:UWJaa9QWjfg76MFxUbYbbeFwhAs

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

amb4

Decoy

ameerkabob.com

wenzhikeji.online

ktnsoil.xyz

dock7rods.com

simbaimmigration.com

tanahvilamalino.online

amaozn-co-jp.xyz

atahukukbafra.com

attruth.net

jigservices.net

310indianway.com

freelotto.online

mylanding-page.com

dudemealprep.com

wellmaintainedhealth.com

vitemonprenom.com

laurynfauntroy.com

pilotmom.info

arpatientsapp.com

sendangdigital.com

Targets

- Target
  
  czOxHskgIAQwZ8m.exe
- Size
  
  425KB
- MD5
  
  edb54a30972b862cfba8589bb1f67c7e
- SHA1
  
  7f3b9b36342bb863950e592063db38cd2c3f8bb9
- SHA256
  
  856b8775a8063900378a815cd03d0f9628c4296eddd93ac9e9cd52269178c079
- SHA512
  
  51f1e192a0f06472c5bf3da68e511d1112dd61a8a429aeb14c39e3d8e05b0448b5086d4367a2953b3dbbaa453faac63aa4319127aa9944e68334322cc6bc8f42
- SSDEEP
  
  12288:S0SrZ2vE4MtuTN6GLMX3a9sO81joauMuB3fj:Sf2vE9tuPgHa2O8hoauMuB
Score

10^/10

discovery xloader amb4 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2