xloader

General

Target

916715cdd3cb9f6670424bd4f72682cdc4343d79fd36b19de992ee2c3095ecdeN
Size

307KB
Sample

241003-wljhzssdpc
MD5

28f2c3e63f1fd1357d2cfe72869b53c0
SHA1

173d8ff1943f864ea06ef27921ed0e5e2216666f
SHA256

916715cdd3cb9f6670424bd4f72682cdc4343d79fd36b19de992ee2c3095ecde
SHA512

c1fe8d6e948521b9d30e4275031b1ff2a2ffb4ff5bd1b0214e631cc4efe3e2613d3edd27c437329edce64f09c35721cc132604c9c2631f2c0269c7ad7a9d9994
SSDEEP

6144:RNeZbN827N5wptBh8EF6+ofNxn1g50EG8Y0lWNe7I+4auF9PX:RNONvJ+ptBCU6++gr86I+69PX

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

op53

Decoy

salamdiab.com

pysznepay.com

braktonem.quest

z5jgazn.xyz

jungleking.online

for2play.com

organizedkay.com

bitsgifts.com

autobras.online

paghosting.net

waltersswholesale.com

seculardata.com

hsa-attorneys.com

genyuandl.com

metalcorpperu.com

jasbellyfusion.com

weddingtowifepodcast.com

69xibao.xyz

dsp-energe.com

jantfencingandsheds.com

Targets

- Target
  
  916715cdd3cb9f6670424bd4f72682cdc4343d79fd36b19de992ee2c3095ecdeN
- Size
  
  307KB
- MD5
  
  28f2c3e63f1fd1357d2cfe72869b53c0
- SHA1
  
  173d8ff1943f864ea06ef27921ed0e5e2216666f
- SHA256
  
  916715cdd3cb9f6670424bd4f72682cdc4343d79fd36b19de992ee2c3095ecde
- SHA512
  
  c1fe8d6e948521b9d30e4275031b1ff2a2ffb4ff5bd1b0214e631cc4efe3e2613d3edd27c437329edce64f09c35721cc132604c9c2631f2c0269c7ad7a9d9994
- SSDEEP
  
  6144:RNeZbN827N5wptBh8EF6+ofNxn1g50EG8Y0lWNe7I+4auF9PX:RNONvJ+ptBCU6++gr86I+69PX
Score

10^/10

xloader op53 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  xuhsbsshb.exe
- Size
  
  4KB
- MD5
  
  daa39e25fb5b25bd1e42408efdac928f
- SHA1
  
  665426ddf94268322d180128a92ddb2f45b1d3b8
- SHA256
  
  7e5a0ec65f4c96a6b8de07c341282da8777fc45f4976e415f1738fa165d0a272
- SHA512
  
  42cae6cc93a923965a65b70c68a46e63246d5af0175cbf7e4fc33ecf8d5bd2ffc1395c4237411292136daf36ebf132567cfa2f6dc2a7ec7d33d482cee2cb4903
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4