xloader

General

Target

d852ccd99394e8ff281519131ab91e51eaf5c7e0d4dc6b46cdab383d75ecec1e
Size

754KB
Sample

241121-2faa1ssrep
MD5

d2e140d01298f41a26187b902e285296
SHA1

3cb1dc250623e099947cb34f677551da08de4e7a
SHA256

d852ccd99394e8ff281519131ab91e51eaf5c7e0d4dc6b46cdab383d75ecec1e
SHA512

542c144da3524737ceffcb1316c9877986a8b5d836e3c9af28177bee9f4ceb54fbb3a4e6909371454d44416ef669e749e1fe55082720ee7dcb177992390e6c28
SSDEEP

12288:dvQTVbXY6q2r/FIBsJYaTPgCvX2Q7LykAD5fLvbwh4NGZdx5xpeG7KrGBz6TCPgB:Yb2K4sJRL/7LyFLv82NGZdx5xpNSGBm9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m8gc

Decoy

nelsonleeoffers.com

profi-markets.com

bdstoancau.info

aminsfy.com

longshifa.online

sqadminnplan.net

0el.biz

fortnitegamers.website

28687jr.com

contentandconverting.com

069superbetin.com

kyono-butsuryu.com

lewandosli.online

8herzelstreet.com

doofsmile.com

kreditnekarticehr.com

usalandia.com

mysmartoffice.tech

bens-coaching.com

catlyshop.com

Targets

- Target
  
  3d2aeedacfc41b9882494188059bcf1c81160920d4e83fc1f604d0381bca9ea7
- Size
  
  892KB
- MD5
  
  4c19f4bccaada36995fb7f26629df873
- SHA1
  
  8c04357daf3d64a5f2fac82310472273d46373ac
- SHA256
  
  3d2aeedacfc41b9882494188059bcf1c81160920d4e83fc1f604d0381bca9ea7
- SHA512
  
  42c48f74ba8a194982c96623e0348d49f96768d1115ad9ce22a1db6221b1165e1de722d8c41ab34292117f3efe81007240d7f284fcca929f8dad4dc7e536705f
- SSDEEP
  
  24576:Dwpoi9hGoNIEooPVkAUQBEXPrFx8clMEmsx:DaqEoSBwfcOMEv
Score

10^/10

xloader m8gc discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2