xloader

General

Target

cd327d55e481bdb301265079b80c8af67b4c6b3f9cd5de9cfe7906749c8249d5N
Size

223KB
Sample

240918-r24fwawfme
MD5

db37d1e2931c760f34d98449f3f643d0
SHA1

7783156205a04b0a6c92268ed56bcfbddac4652c
SHA256

cd327d55e481bdb301265079b80c8af67b4c6b3f9cd5de9cfe7906749c8249d5
SHA512

fa8ad7553c56cd67fcfcee351f4e1386ab999954f3ea690d43b2ca1c3c060eb7bb9620f8fb2014ac82b1d993ab3bf6dd04a4d287c460cbb79f1ee4e6bf39df2e
SSDEEP

6144:4YS+dkhpLFpaZaIuBUd0rtFjurSTDyJLIkRdlHYe+y5yMNT:4YddgpLFpaZaIUSqtFqrSHyJLIkRdd5L

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qian

Decoy

jurutv.com

hyenanews.com

zhurucap.com

a-ruholdings.com

sakering.com

genecite.com

turkiye-gov-tr.net

thealexagency.com

nelvairenecruzadojulon.com

bleusleep.com

justsfind.com

chayaadatrao.com

thitruongquocte.com

todorecord.com

69-1hn7uc.net

basecampadventurevans.com

stormberggrouptn.com

tomrings.com

7187295.com

jomaline.com

Targets

- Target
  
  cd327d55e481bdb301265079b80c8af67b4c6b3f9cd5de9cfe7906749c8249d5N
- Size
  
  223KB
- MD5
  
  db37d1e2931c760f34d98449f3f643d0
- SHA1
  
  7783156205a04b0a6c92268ed56bcfbddac4652c
- SHA256
  
  cd327d55e481bdb301265079b80c8af67b4c6b3f9cd5de9cfe7906749c8249d5
- SHA512
  
  fa8ad7553c56cd67fcfcee351f4e1386ab999954f3ea690d43b2ca1c3c060eb7bb9620f8fb2014ac82b1d993ab3bf6dd04a4d287c460cbb79f1ee4e6bf39df2e
- SSDEEP
  
  6144:4YS+dkhpLFpaZaIuBUd0rtFjurSTDyJLIkRdlHYe+y5yMNT:4YddgpLFpaZaIUSqtFqrSHyJLIkRdd5L
Score

10^/10

xloader qian discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2