xloader

General

Target

de042e38d84cf16252496d8330eacf1b.zip
Size

471KB
Sample

240901-samjqavaqf
MD5

221b43458df7c70b32c9e98e938c7ff7
SHA1

476c10697627ef5a46088285c30b0e8ddf669d0c
SHA256

be76309eec12e3eada6dea02b6f08f4db9468953380bec1eddbf452889f083e8
SHA512

f5b0cf4346280c532106b06ea85f5e6a52ffda6acc56f08859d1382a8a231367d36ac29f8fd074ff6f545f8e7c4a0eda3f3274e816616e04ca6e86834d958f0c
SSDEEP

6144:2aBpav0OHPgVcGlJ5tNS+prVmnqP2y/F1PZ2nvM1bMeTdwBi4k27ecRhXrXhlk:lpNYPgCmJ5t/prkqcUNRyzT7h2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com

Targets

- Target
  
  64c3c3a5004d786f14ced03e295463bebaa1ab08c59b8287001c15aac69e3521
- Size
  
  585KB
- MD5
  
  de042e38d84cf16252496d8330eacf1b
- SHA1
  
  cf808849aa0afbf36dbcd71a63499da2132f52d1
- SHA256
  
  64c3c3a5004d786f14ced03e295463bebaa1ab08c59b8287001c15aac69e3521
- SHA512
  
  1f6cf41e7706e7e6b717aaeb5c83bd0dfa74d2038cff02e146dc9d4718e398db67621e51e94287d5f320b9ea7a372fb2b31dafa81b0a86bdcc2033fd723da2a3
- SSDEEP
  
  12288:ny3bU4N/HJRNwwC6dQ7HG+4FnjLlOhsxeHHV:0fJrPZQ7HGhBpOyxenV
Score

10^/10

xloader fqiq discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2