xloader

General

Target

47873a4fb57b3b9bc79a93c829767b4a0130cfdc5ea5af91a7df9fe5be33c879
Size

398KB
Sample

240901-gzrdestdmn
MD5

d276af05559e0dc084eb4c1bf6957414
SHA1

97723c507a59ac5999121244c13b0e0d83acc44d
SHA256

47873a4fb57b3b9bc79a93c829767b4a0130cfdc5ea5af91a7df9fe5be33c879
SHA512

d3e20148e21516aa91fb96528e3855014def6dcb3dd43e2e3b2e2969c5cd46f4b183a4edeb1a56145668a11b652bce48351493691762b0b91a7431f5be23f7a6
SSDEEP

12288:zUhcGFIGpumN6FsSzeojOJs3c+aY/pjH+DnM:YJNl63zeoUYRCLM

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b5ce

Decoy

advellerd.xyz

giasuvina.com

arab-xt-pro.com

ahsltu2ua4.com

trasportesemmanuel.com

kissimmeesoccercup.com

studyengland.com

m2volleyballclub.com

shyuehuan.com

elsml.com

blog-x-history.top

coditeu.com

allattachments.net

vigautruc.com

mentication.com

zambiaedu.xyz

filadelfiacenter.com

avlaborsourceinc.info

tameka-stewart.com

studio-cleo.com

Targets

- Target
  
  ecf0968be7a904567bfb2406b3bb651e76ae582e357cdc16c448aeec872bc31b
- Size
  
  486KB
- MD5
  
  3efd0baa42497c7fbdadf1f2dd4c8210
- SHA1
  
  48b1f026168871bd602276649508a6b309238802
- SHA256
  
  ecf0968be7a904567bfb2406b3bb651e76ae582e357cdc16c448aeec872bc31b
- SHA512
  
  ebe4875bb48cadb9bc8ce3a704453ecb599e1742896d473b09c1d310bae2fa6fe506dbf4b857406fc9350e54853e8a34670ffe018f54840b80d2843ddd7748b7
- SSDEEP
  
  12288:SrgpMw31pGFf3Fa4Z74uBVfbaLpFJwVev:SGHY3tB4ofWNFJx
Score

10^/10

xloader b5ce discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2