xloader

General

Target

810f464547c07f3f60a5e929eaee77406b0c6a964b46f441aa7471415aefc118
Size

414KB
Sample

241121-2e52assrem
MD5

afbdc204b082080dd6c7e97f10186c34
SHA1

8ca5b20aec6d3689b1266bb4f40ba98ed973b432
SHA256

810f464547c07f3f60a5e929eaee77406b0c6a964b46f441aa7471415aefc118
SHA512

e11ac3dcea9f2dae9da6a5814697b5e077a32cac042b650a6ecea09e70831fa113946fb94d302147a1a273e00d04e5e3595582fcefad84479581c925c36d0fc4
SSDEEP

12288:inyy2UH6AdmVY8EY4xWsEx5Mt8Jo1WiTabW:Qyy6AdmS8EfxWzzMehW

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

imm8

Decoy

insteuctire.com

zomkeroad.icu

setiptv.pro

hk2good.com

writerby.com

giftebuy.com

siterising.com

learnsmartly.net

paanopinoy.com

jerikocreativehub.com

whitenoisestore.com

itownfwl.com

kumamotors.com

luxqueen.club

psychiaterinschweiz.net

sanchez-gomez.info

seriesplum.com

eagleweldingmn.com

6917199.com

kundantanti.com

Targets

- Target
  
  purchase order # 3061552371.exe
- Size
  
  690KB
- MD5
  
  d13fe90ba28506d6da905387249bc084
- SHA1
  
  ae86ea40fa1532425e7af51c4356a07d75303f91
- SHA256
  
  33a9702e83888498799c0144e3a3ac06e095aa452ce066a02a3860dcd90d6bb8
- SHA512
  
  3063e00f6081bb3e0305ddd828953bef896514a38345d1322ba0b39cb566a7969007c12574b75fa06811da06f4aa0dc5cc40756a568107d3da1c51e14702b960
- SSDEEP
  
  6144:xY0q7t5k5vNbHSEOJZMtqEZr4aqiCXbwX1wm2D/o8StukFUgpx7kGclFMWqcaP:iQTiMgSF9CXb0B2YLTpNILqZ
Score

10^/10

xloader imm8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2