xloader

General

Target

8ac51d777f1c94d5d7647d7e5d4ebbc2a809500a607ce866af405f0b834793e2
Size

350KB
Sample

240902-fjse4stanh
MD5

80ee1c96ab367d3810a3fe6bfe92d2cc
SHA1

65b1021a8d9857e1354cd7775b13ee0584b28e87
SHA256

8ac51d777f1c94d5d7647d7e5d4ebbc2a809500a607ce866af405f0b834793e2
SHA512

0827bc64c2f47a4fcb3cd178727f889bc99f7d9a1f460ccdd065d8bce7553dc72d3e2e02f57116c2d4c5f3bfa4163f05bec0fbcd8a654a885a53744910070283
SSDEEP

6144:E3CDRM9sIkrdnvmgUmCey7lp1NriR3DgXMTHj5LzLA/coRkxcvRLr:sf9HmdvmKCeop1xM38XMTHj5LeRkuvFr

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wpsb

Decoy

0817ls.com

drawbeirut.com

respiteready.com

yufkayurek.com

poss-plus.com

distributesimilar.com

mcmendzlawns.com

bingent.info

wellnessandcomfort.com

humilityhope.com

recetasfes.com

olala.asia

epochryphal.com

room-lettings-onlines.club

lvc.xyz

reicolee.com

davidmarkphotovideo.photography

corpuschristicarbuyers.com

tutorialyoutube.com

ativ.pro

Targets

- Target
  
  8ac51d777f1c94d5d7647d7e5d4ebbc2a809500a607ce866af405f0b834793e2
- Size
  
  350KB
- MD5
  
  80ee1c96ab367d3810a3fe6bfe92d2cc
- SHA1
  
  65b1021a8d9857e1354cd7775b13ee0584b28e87
- SHA256
  
  8ac51d777f1c94d5d7647d7e5d4ebbc2a809500a607ce866af405f0b834793e2
- SHA512
  
  0827bc64c2f47a4fcb3cd178727f889bc99f7d9a1f460ccdd065d8bce7553dc72d3e2e02f57116c2d4c5f3bfa4163f05bec0fbcd8a654a885a53744910070283
- SSDEEP
  
  6144:E3CDRM9sIkrdnvmgUmCey7lp1NriR3DgXMTHj5LzLA/coRkxcvRLr:sf9HmdvmKCeop1xM38XMTHj5LeRkuvFr
Score

10^/10

xloader wpsb discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2