xloader

General

Target

586a9900fca452e2afa7a4522204fc6a3c2536d66672dc7a24e189467c3d2a74
Size

887KB
Sample

241016-zyb68asgnd
MD5

53da05e0ba0640d11a2f68f93849d18f
SHA1

a6f6965cd9aee9f4942283a5eef8d3af92b1d440
SHA256

586a9900fca452e2afa7a4522204fc6a3c2536d66672dc7a24e189467c3d2a74
SHA512

438ea73954d4ff1e9c89225d2177361d55fc8e13290d595905cc9a2b7f7461f5ccc89b4af7646c1ac811f2a1631c5d88abfe1f9995e79609d67681296b63c593
SSDEEP

12288:4witCMnl6uqdnPqgduxjrYVS8Ln0TIxZ8bIC4UgqfLZvDyrNrT:5cCNXYgskVP0Ty8r4UgWtDQJ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

cia6

Decoy

zyciecodzienne.com

106hiddenoakstrail.com

petvetrx.com

meiyaio.com

mathstutorsouthglasgow.com

smartbizwithgq.com

sotoki.com

merencena.com

cmplubumbashi.net

redcandlemedia.net

gangidesign.online

onlinesfashion.com

hannael-it.com

forgedforpurpose.com

servingdivisiion.com

myskindeepbeauty.com

massagebyauriel.com

lafrancequejaime.com

karlgillard.com

baharran.com

Targets

- Target
  
  586a9900fca452e2afa7a4522204fc6a3c2536d66672dc7a24e189467c3d2a74
- Size
  
  887KB
- MD5
  
  53da05e0ba0640d11a2f68f93849d18f
- SHA1
  
  a6f6965cd9aee9f4942283a5eef8d3af92b1d440
- SHA256
  
  586a9900fca452e2afa7a4522204fc6a3c2536d66672dc7a24e189467c3d2a74
- SHA512
  
  438ea73954d4ff1e9c89225d2177361d55fc8e13290d595905cc9a2b7f7461f5ccc89b4af7646c1ac811f2a1631c5d88abfe1f9995e79609d67681296b63c593
- SSDEEP
  
  12288:4witCMnl6uqdnPqgduxjrYVS8Ln0TIxZ8bIC4UgqfLZvDyrNrT:5cCNXYgskVP0Ty8r4UgWtDQJ
Score

10^/10

xloader cia6 discovery loader rat upx
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2