xloader

General

Target

21377d4071648a47228942fcfe0bfe32bc639b2d905828050b6a8c1dfc8d1052
Size

471KB
Sample

240831-svve3a1bqh
MD5

d9b8b2969d299d44745d42ea77057ea8
SHA1

c1092b67bce61b36c291f714ba2c6aafc26868aa
SHA256

21377d4071648a47228942fcfe0bfe32bc639b2d905828050b6a8c1dfc8d1052
SHA512

80eeb9ae966ec8dd5ea51fb74a3aa5de556b96e80600203d23783e38d4ad5d0628a2a82a20d2a7671591a8d44fbb2e1a85becc3ceb150c1860c564156de5d6f5
SSDEEP

12288:vTQ1gANW7CKEzFTzID8shVaVzjx7sw4S6v2:vcaANzKEzR1shVaxuv2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com

Targets

- Target
  
  dc8324152892b2fc30fd2574d990150aeecbe7b3e5b871d884c6644a16ede4ed
- Size
  
  585KB
- MD5
  
  d3f9895ad53fed9a59919eac83de1992
- SHA1
  
  982753997a748d691c93f2aad18f8ffd6961dcc8
- SHA256
  
  dc8324152892b2fc30fd2574d990150aeecbe7b3e5b871d884c6644a16ede4ed
- SHA512
  
  356e4231d898db79beba4701ba49cd7a053be6be34fecf62331b6f4bb69c9492f1c065f4b6c943886e4999042cb577e7ac5c5df4d96958a7446179aff2bb4bdc
- SSDEEP
  
  12288:y4n3bUzN/aLflq8FJwY1z6eRuQtbbtLlOhsxeHHm:N6CRSY1X99ppOyxenm
Score

10^/10

xloader fqiq discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2