xloader

General

Target

43666a3d1bf6ba3d3e59e930c6ce5e14d744ab39a2781ceb88daacf6a74ad9b6
Size

229KB
Sample

241121-2f8tksylhz
MD5

2e84fd341cabe52bd07089969dd1f40b
SHA1

015a82268717fbee19846454c137e54d0039a545
SHA256

43666a3d1bf6ba3d3e59e930c6ce5e14d744ab39a2781ceb88daacf6a74ad9b6
SHA512

e1e2b96e1f7e6d863d273a5cd99eb7818cbd6db584fafe474586f749c2f0cc1748e7ee1b40634290ad2ee4a6d9c2027db6369ae4ebe7d0a3eb45284cd2321096
SSDEEP

6144:Ap8Mhbujx7rHUA7m0t44f5QXh/RxRXlIeBoNorDwvV:krQjRzUAJjf5Qx/VlIogecV

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

xc52

Decoy

thelukeliu.com

solarpointinc.com

41mpt.xyz

giangsontaikhoi.com

bqyiiq.space

aguw.top

xetnghiemdany.com

xn--jsrs15bbg5a.com

xcflora.com

socfasderldecv.com

vitginmobile.com

myvirtualtrophy.com

zubr-service.online

saremira.com

baoanforum.com

pizzafolk.net

clararsjajno.quest

beennow.com

sumou-sa.com

sondelicias.com

Targets

- Target
  
  5093699e2b2728073ebfe205b1e27778235dcf9aff5b7d25ad38f23aea9ec50c
- Size
  
  242KB
- MD5
  
  5458ee05655d3e4a69fd7c319c7324bf
- SHA1
  
  97ece65057682bfadba8b71284f42a5503fa66e7
- SHA256
  
  5093699e2b2728073ebfe205b1e27778235dcf9aff5b7d25ad38f23aea9ec50c
- SHA512
  
  770c7cf6ca443f913d8621db56447ac56abe137c0c5cdb7c77feaf024e6f6bc98a908d5e9bc425214961a252666f3a3fd4991c8dbb8b8af65378ad58b9d107c1
- SSDEEP
  
  6144:HNeZmAqvt7GQyo4Opdjv/Ml4TVS+8+1vcTjO+M:HNlNl7Gv0nMlWNh1vcPzM
Score

10^/10

xloader xc52 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  seuxwbcie.exe
- Size
  
  4KB
- MD5
  
  a76d9b231af273f403da413af9b6fe1d
- SHA1
  
  30c52ca472a94e2b9535468a84e19ba790472590
- SHA256
  
  86c1a081301f284a88a5e5e6004f4de35c01550119b159ba2fa43b144958e1b6
- SHA512
  
  25f41ebb2226a3b4e1f06d653345a1252d20a8fade7b6c2e474174cbcc6c071077ef849286fa23565d78f0cf55b9a5bd24c2df91916f1c49ec5aa090192a5aa9
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4