xloader

General

Target

4fab874df115dfe8918b112b2bfa7aaab6d65c8be51190f19f3260ec6206fd95
Size

384KB
Sample

241121-2d82kasrcj
MD5

08e2f7437029a3bcd39a9585ddc0f548
SHA1

e37dc36781ba505c8f673f0b03837090ed173cae
SHA256

4fab874df115dfe8918b112b2bfa7aaab6d65c8be51190f19f3260ec6206fd95
SHA512

7be4f6b12f5525b8c0a2fe7e1553aadeebd758c3f0d7fac0ac51e30092ae02d9d54685fed6a8273bf817fb20db8160e9bb5b1685808416b6d40c2b0ee38a001a
SSDEEP

6144:CjzePyiQ8OuyABe4dpOS8Y7lM0Vymc7VPXL1cwtXnnE+Yh9fNPIsTwL+nibB:AotQ8OyBe6OSZlMSQT1cWnnEX7we/YB

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

gd9m

Decoy

screens.ma

coachingdiary.com

cannabisconsultant.xyz

sirenonthemoon.com

gabrielatrejo.com

blumenladentampa.com

sturisticosadmcancun.com

qdygo.net

nubearies.com

thedestinationcrafter.com

fastblacktv.com

sanakatha.com

birdviewsecurityandshipping.com

waterfilterhub.xyz

92658.top

xigen.xyz

barikadcrew.com

herzogbjj.com

veminis.com

thnawya.net

Targets

- Target
  
  vbc.exe
- Size
  
  611KB
- MD5
  
  da0fe038092ffec4ea327f0ec0d0c290
- SHA1
  
  d8bc98b32215c23d8b35bd998f3cb797bea58cbb
- SHA256
  
  40900faa35256d3ac7ec7116099f42a085244ecc802e9cea7522a7707eba7b62
- SHA512
  
  5c5625bd6d5dbc27e4310174f5bf83a6ec57c65e02911d2f9c101e7b7cc65aa0e7fbf82fb62f391f0f67b5a0706b8aa91ccfa6b9245083779bac4efc737459fb
- SSDEEP
  
  12288:V8hgEeGGMIEb/vnpd/OF1HW6nGYidFVDNVjSeUX8/a/zoTexh:VugEeGh/vnpxOT2kUfVjJUX8/abo
Score

10^/10

xloader gd9m discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2