xloader

General

Target

e9e8c1fc6eb0493ccafa4bd8362662e9dcc1de1191c4e2a348f1283a367f0f41
Size

461KB
Sample

240902-dajeqszbrn
MD5

5e15f4f0710928ceb2445a10aaa48e9a
SHA1

6d737a3936b878bbd28020326e39c14c4b120003
SHA256

e9e8c1fc6eb0493ccafa4bd8362662e9dcc1de1191c4e2a348f1283a367f0f41
SHA512

416d8abdafbcf11d9a42592a853db81eecc14ddca97b5966c4e13cd5130acc25633b7bb95f580790c1063db733bbe61ca2eeed9781fcef960a3853f084a26757
SSDEEP

6144:O3CDRM9sIkrdnvCgUmCeyCQOEHoXwOK0VEppAcpSK8QGS4mBgESFX0A7:Gf9HmdvCKCepXC50VEpG8NnJgE8X04

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

h3qo

Decoy

dhflow.com

jyindex.com

ezcleanhandle.com

trungtamcongdong.online

simsprotectionagency.com

easylivemeet.com

blackvikingfashionhouse.com

52banxue.com

girlsinit.com

drhemo.com

freethefarmers.com

velvetrosephotography.com

geometricbotaniclas.com

skyandspirit.com

deltacomunicacao.com

mucademy.com

jaboilfieldsolutions.net

howtowinatblackjacknow.com

anytimegrowth.com

simranluthra.com

Targets

- Target
  
  e9e8c1fc6eb0493ccafa4bd8362662e9dcc1de1191c4e2a348f1283a367f0f41
- Size
  
  461KB
- MD5
  
  5e15f4f0710928ceb2445a10aaa48e9a
- SHA1
  
  6d737a3936b878bbd28020326e39c14c4b120003
- SHA256
  
  e9e8c1fc6eb0493ccafa4bd8362662e9dcc1de1191c4e2a348f1283a367f0f41
- SHA512
  
  416d8abdafbcf11d9a42592a853db81eecc14ddca97b5966c4e13cd5130acc25633b7bb95f580790c1063db733bbe61ca2eeed9781fcef960a3853f084a26757
- SSDEEP
  
  6144:O3CDRM9sIkrdnvCgUmCeyCQOEHoXwOK0VEppAcpSK8QGS4mBgESFX0A7:Gf9HmdvCKCepXC50VEpG8NnJgE8X04
Score

10^/10

xloader h3qo discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2