xloader

General

Target

a9df54cad25fae45024e53abe5b8c222bc1c0dbe91de0bb2d740572dc2656ea7
Size

298KB
Sample

241121-2e2zmssrdq
MD5

fbd690aed38870454ad4438c85c536fd
SHA1

7a3efc2fcd60a367e814400301e322bae3a783b5
SHA256

a9df54cad25fae45024e53abe5b8c222bc1c0dbe91de0bb2d740572dc2656ea7
SHA512

06c72bfdb2f2b4dd23317d5f67d282582290783ebc95ac9451ad8b7887411d8454c43d4a9287dd09f9f70224cd4fa815c4e8c0f607ac5927fd85d0a844806170
SSDEEP

6144:4c3JA/4lL3CGO2LCaTvIXg/Laj9o7KbvHMn/s8LJ:TJflL3C0LRvFdGHMdJ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

d8ak

Decoy

slingshots305.com

egemv.com

purplewrld.com

thaipayakorn.com

crontabcyber.com

wolfalike.com

tedstbrice.com

bbwtrip.com

clothestokidsri.com

experienanidworks.com

acuityhealthcare.xyz

applepai.net

happytownmayor.net

xn--vltadvisors-2eb.com

garbagegenius.com

ndddxs.com

accuratearrangements.com

wraptecny.com

torontomassage.club

ifem-ci.com

Targets

- Target
  
  Báo giá 2021 30 tháng 7.exe
- Size
  
  471KB
- MD5
  
  c9a3d8f7a9dd8083b71ce917f47b3585
- SHA1
  
  942bf56700fdac19501dfeb1f59f6e6337e6eca9
- SHA256
  
  b723bfaea352b22e8ccf6b100fdde75ab6db665870f8a307be193d6e321e5383
- SHA512
  
  6176595448c11151d1df8dabb22820b0239cfbf60d443d262f89c32fe099c4879b25ae99652a1fb1dd78b4fcbe4d41ed1c8dad72d962f25e83e0e9f569ed4dcb
- SSDEEP
  
  12288:OI35Bx86innnnnnnqtEa3TAj/AF6qsrJ1Wd6XSXeQj:O0hinnnnnnnqtmIE/rJ1YIBQj
Score

10^/10

xloader d8ak discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2