xloader

General

Target

ff4191cd45c422846962374580ca87a9498a5195d2046aa482b09031821e8964
Size

1015KB
Sample

241121-2fldaaylg1
MD5

30a240d43753f338568c2072f7a1ff6a
SHA1

cde5cbf766f415e7f1331aa04986c5fed79a2797
SHA256

ff4191cd45c422846962374580ca87a9498a5195d2046aa482b09031821e8964
SHA512

c449a752c4d604f7c526145125e4e0f20f25f47e3a874c053b96adfd91ce3ab60864056ef2e5e7a82a4ef98b5b59a43b3bef3508ed7a1a9dc2ef5f5dc310c7b0
SSDEEP

24576:o7d03y4ytx99plP3oowyUiGT1IDugq+KMQB0COdF5/PqZrQuFazXdh5fL:o503y4yf8opdc19H+KxB0VX6rQnztrfL

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c46r

Decoy

petsfranchising.com

wpemdad.com

psikologtenaysude.com

bamdesserts1.com

sanjin.icu

mtdbooksnow.com

ycyxztjd.com

ref4drive.art

asik-qq.asia

myrecase.com

motherhenretta.com

duoduo163.com

bettercrackers.com

liveluxurylove.com

whitcese.com

pasang-iklan.online

new-transport.com

iumsf.com

svpcraft.com

shortbusfriends.com

Targets

- Target
  
  Final Drawing.exe
- Size
  
  1.0MB
- MD5
  
  bd8bbf1a258bc5708d360f819847b4f0
- SHA1
  
  0176aa8eac594513683dcbf3d691db721d13191b
- SHA256
  
  c15d8e554b95d2cca4c40e230109410825ca0547a6ce1ab153840f74206ac54b
- SHA512
  
  3bd8c706e5dd66d7ef5b514b4318d1c0de29d20a93405c40e572ba33be8b906ef4252b37aa127d103c9f447ed9cbec764a4332018d1f3406afec512e8c727ae3
- SSDEEP
  
  24576:gFAqJ/9KBndd5VcUt2y2uy2ZSYMCulEAVzvbu4i2m:OAiQBbc492fUcmwzvbu4G
Score

10^/10

xloader c46r discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2