xloader

General

Target

573e83b907d3f2614078fe1ed3facb87fffeeb2d445b7cd4fd9fab7039733e31
Size

364KB
Sample

240831-pz318atgqf
MD5

1d8c9a6501fff75d9624d56de7203326
SHA1

b2c06d4950bfad2eb59311a248b9960925622b4c
SHA256

573e83b907d3f2614078fe1ed3facb87fffeeb2d445b7cd4fd9fab7039733e31
SHA512

954507ba6d0dd977fabab988a76aada88ce9ae9e2890951803415aa0516ea9461f3e53a7ceb83905b1615a96babed1a63bf5ffa58c2ff2573ccb97a965b4c5f7
SSDEEP

6144:2D8d/9Gt4R9IYeE57PnoD40oonkgqiuz7FAGzFg+vCoe4zdUP1aNSJcA3mh:+I64R9XeEhoD40oonkgqJ7Fm2Lez1aQM

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euzn

Decoy

235296tyc.com

gold12guide.art

baibuaherb.com

weberwines.tax

chezvitoria.com

aidenb.tech

pitchdeckservice.com

surgeryforfdf.xyz

workunvaccinated.com

hrtaro.com

yourotcs.com

sonimultispecialityclinic.com

consultantadvisors.com

pentesting-consulting.com

dantechs.digital

longshifa.online

taweilai.net

imyusuke.com

cashndashfinancial.com

fasiglimt.quest

Targets

- Target
  
  506458aaeef61f70cf73da3d71d5452cd859cfd9fbcc7cf515d27265ace2421d
- Size
  
  425KB
- MD5
  
  c0e07faebfd4b0977ac802e3bc73958a
- SHA1
  
  0277d0bc9bc70b7b013adb9e7500dd0cbd0b863e
- SHA256
  
  506458aaeef61f70cf73da3d71d5452cd859cfd9fbcc7cf515d27265ace2421d
- SHA512
  
  7ce148455e4a6152ac5ede04e595cafcb5e9363efc0d79552726a34fc1b7b595028758774d4358f581ec12a1a0a8823e5aa2dcc226a20763d32f17c95d6aa752
- SSDEEP
  
  6144:i6Uqd2GhNOQVwKtCcaEyfM2Q4NmbBggh13Rtm1DnMaKvzmr3:fUi2iNOQVlVPOTpqBtUDnMamQ
Score

10^/10

xloader euzn discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2