xloader

General

Target

19081826027.zip
Size

179KB
Sample

240924-bwg3pawapg
MD5

ab865a680abea4db76c811fd7747994e
SHA1

c0701683ca3ab469335d8c5545357e558e80f875
SHA256

2940a3d00fbeae0623c4f6c3231ec29b10b3d3043a2ccbc6f05fb92220de58a8
SHA512

470a7e29344a8ea868f6739bf2e7760fd3af20e00e1f10b99f00a2f52799e9c153fa47d1142dc35fcbb248914570bb19d44601e4c86acd39a29e7484ce7941fc
SSDEEP

3072:HBp8MDWys8fmZeUap3z9AsVVEtJHJeKCFbQX57zoVXzuwUjqe4WJfVkCyKQb:hp8MDWXwmYUoVafHKFS7zeClj4WJNkI+

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

3e9r

Decoy

143411.com

300dh.xyz

win-chance.info

essentialsofbeauty.com

skategrindingwheels.com

jyqtgg.com

exodijuis.com

goodwinpuppies.com

doitlive.online

hello-orchid.com

shangjibbs.com

innovarecic.com

fococomunicacaovisuales.com

completemarine.care

parodistluxuryroll.com

anda568.com

unicorm.digital

weaveapp.xyz

artractions.com

app-ads-network.com

Targets

- Target
  
  140c2a66e6feca66598f349391e11813c91e918bad57de7422e0531ab42a6117
- Size
  
  192KB
- MD5
  
  a43025a136bcc6af701054ed51ad8adb
- SHA1
  
  547032f4afb1cb3b6970ba5a64234d20e815a3a4
- SHA256
  
  140c2a66e6feca66598f349391e11813c91e918bad57de7422e0531ab42a6117
- SHA512
  
  e6c9bd2cf29cffb3d318664a9525d6d56767d4ec482b6f38861b1f01d222a73228f4e70bc12b45f700eb37513a32d64616edf09e8b4df349e9a0aa36c7fe3f81
- SSDEEP
  
  3072:l1NjcVVnLpPuqbJzk9y/Nsso8vTUa6wySNSCV1sPvhDbQh2k4hPwn0gSimGZ6P5u:HNeZFhbEaeSN91sP9baS+npwIn2nyR7
Score

10^/10

xloader 3e9r discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  rxyzg.exe
- Size
  
  3KB
- MD5
  
  64d3f2b2a7c95bc7051051fe34620dc3
- SHA1
  
  1a089f830583bca8aae69330a9e4946bbe03fb4f
- SHA256
  
  d1595a226a32172f214ff69b964281ef663079b6467cffa98edc6064a9f69ab6
- SHA512
  
  af6b303b98765034f886e8bc9889f829a0265bde7559b9e738ff310be6747be083c377fecc76a007d2f464907bff80c6acfc90abf7f46a1408438554a01bff7e
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4