xloader

General

Target

7bb7d09c6209c0fb8e92a3a86b39485325caaebdc6a7198cdb22543c5456afac
Size

209KB
Sample

241121-2f212asrhr
MD5

7e13730c0387da2242859c44f03d70e0
SHA1

3e3ad5c2a70ab63401f84c776446e98d8478f606
SHA256

7bb7d09c6209c0fb8e92a3a86b39485325caaebdc6a7198cdb22543c5456afac
SHA512

7e30526bc0046b86d208d6282973fb337e4892b444f37889d9bd44b740693919b419f96150498040381263d324b315c8eff2bb8c6e96aa7682922956453ef3dc
SSDEEP

6144:ai6zSO67EWF+c9fxOWZI+JS8hLypSqGRPXMIlISFPB5E:Z6eO67fFvfPZSELgmPXLlISRB+

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

vc6e

Decoy

123lejeu.com

services-ti.com

iseekwithin.com

linkdbs.com

bibproductions.com

chaybo247.com

bondiblond.com

amandawilsonfamilylawyers.com

kbihualhamdaniyah.com

littletykesonline.com

circleofrepair.com

kingcartermusic.com

axqal2.com

dscfpro.xyz

cooltoysshop.com

enzocatering.com

skertyl.club

precommgateway.com

maddie-blake.com

malvinasargentina.com

Targets

- Target
  
  form.exe
- Size
  
  230KB
- MD5
  
  6793fb6d53313bfb9cad49e99152c498
- SHA1
  
  9fafd6276cacfa7e4aa767535e205e185ed20c70
- SHA256
  
  269608be45a4ffa35845b89bb8a319e729cc3db898c2f4ed26017efe9a2d3bb0
- SHA512
  
  e8bb194b5e1bc773e1f26c6a31382b88b595eb0c6db0b498eac3b8167a5441e5eeab53eca3186cc3288c10ddb2879a70cc5402f7ebe9c1a42582955a8260cf6c
- SSDEEP
  
  6144:pXQT0WFCTFZrEFb6Qp2p8qGiaXMYlISFUB5U:pgT9Fu7EF+QwJaXllIS6B6
Score

10^/10

xloader vc6e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2