xloader

General

Target

6fe5f9776feb1cd525c980cefb016febf1f33bb8c5e47b4ac94a97e5c7f5354b
Size

765KB
Sample

241121-2edl2syldw
MD5

9caedf463927610e806149b1fdad936f
SHA1

cd3a3f8bc76860d764ccaee6867f669bfc3e8bb6
SHA256

6fe5f9776feb1cd525c980cefb016febf1f33bb8c5e47b4ac94a97e5c7f5354b
SHA512

12a7ad5095883792c2e08c321c84310cfe32333c39cc4d0f598af9701cb68c3725b10a17946af350d09c904d80c222ce7b10befe53cd82f0ec2b46bad76a7266
SSDEEP

12288:ZDXIJSnvB5gev7tpqIWeembGdlapXQObfW1J7WHpnst5pcsRKJD2IpgVLoGsd:ZDXWSnvB5zW5amOTQgpwriD2dFoD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rnn4

Decoy

saruroman.com

backendfurnitureconsulting.com

invitadito.com

aqemelearning.com

unitedphonerepair.com

xn--l6qt3dk7equidt4a.net

us-pride-day.com

refund.homes

gilanfarrconstruction.com

856380691.xyz

aerolabqhd.com

collective36.com

binhminhxanh.club

droogskateboards.com

thinkbest11.com

realisticallywritten.com

elderlyjustification.com

betteraff.net

freeworkpays.com

callistatease.com

Targets

- Target
  
  Enquiry#List For Order070621.exe
- Size
  
  1.4MB
- MD5
  
  3569ede0aa89e4e45138327e7fbdc182
- SHA1
  
  c70ae89d262a8d56982d9a2035ae526f3092148d
- SHA256
  
  72ea41f7ce02b41072d1dce424f9e4a2a7c9e414c1038d26a11f685a3371473e
- SHA512
  
  51ab6044068a2c5a3a01d5a20f35803bb6cc347c953c8cfe0a7692e8215ed48dace8f90391c9c9262dd9af6532b9c6fa1c77e3a424fae3d9d59aca1237f9222e
- SSDEEP
  
  12288:1ob5aIMVjLz7T6IiOcej3gVZsZZZsZoReMHakDjBW8BBJOsUwv+uEPzxvaM/HgOg:piOtReMHl3zJTUkBM/A9HVWVaPTnpD
Score

10^/10

xloader rnn4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2