xloader

General

Target

e9f7cfd8b9d74705231e5f33e572447688fb8973a26db1c8b608872117ee3e18N
Size

425KB
Sample

241004-cpj45sshkd
MD5

9e3e2b8f340761fd7f3630a5d6b1e340
SHA1

412eb58ce7d49774bc23ab59a29609ac934b3f88
SHA256

e9f7cfd8b9d74705231e5f33e572447688fb8973a26db1c8b608872117ee3e18
SHA512

85dcb2079a0906fbb6f9dbef556638e55ce4f619d4830083f2de558c7f5f9ef4c61c57f47f31712f4f21bf2487fcf604889425da3c7872686a53cb2b43df4eac
SSDEEP

12288:oNe9Z6Vh5xgJbZ3HxORkEE8T+BFd5kYhbua2TbxKzQkYI:oNOZ663HxqkEYBhk2UbaQkYI

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s2q8

Decoy

zenithcrushers.net

jeffreysfranchise.store

unavidaparaserfeliz.com

notvaccinatedjobs.com

jisakuzushi.com

demeet.xyz

immersioneconme.online

powercable.xyz

mingwwww.store

analystaide.com

ajfotografie.com

mothersmilktn.com

judithlisachomes.com

simplythaliachicago.com

goetzerehnstiftung.net

nowsportslive.online

hallowseason.com

triple16.com

grupomalucelli.com

fdtwr.com

Targets

- Target
  
  e9f7cfd8b9d74705231e5f33e572447688fb8973a26db1c8b608872117ee3e18N
- Size
  
  425KB
- MD5
  
  9e3e2b8f340761fd7f3630a5d6b1e340
- SHA1
  
  412eb58ce7d49774bc23ab59a29609ac934b3f88
- SHA256
  
  e9f7cfd8b9d74705231e5f33e572447688fb8973a26db1c8b608872117ee3e18
- SHA512
  
  85dcb2079a0906fbb6f9dbef556638e55ce4f619d4830083f2de558c7f5f9ef4c61c57f47f31712f4f21bf2487fcf604889425da3c7872686a53cb2b43df4eac
- SSDEEP
  
  12288:oNe9Z6Vh5xgJbZ3HxORkEE8T+BFd5kYhbua2TbxKzQkYI:oNOZ663HxqkEYBhk2UbaQkYI
Score

10^/10

xloader s2q8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  cpjkhm.exe
- Size
  
  4KB
- MD5
  
  c910a97bac72a537aa24144427c69290
- SHA1
  
  98382514ee34de89bdf8da5e0c136c5d0cb4097a
- SHA256
  
  4921031a6f9c7d20fe0a849eee9f16d792733fd34f32b346ac43098421093c43
- SHA512
  
  2440c8fa743ba50b3ed973fb514e5a636a0aad82fafa48415e840df18f44d6553d450edad7cb417623288b883ea6316fbe40a567bc7e3ca85035b9b03740bc1d
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4