xloader

General

Target

d4c0160b065dd17429cf144ca3dd2424a271b968f9de7f358c19859de933f28d
Size

325KB
Sample

241121-2fmw4ssrgp
MD5

30ae35d224dc5d51ef0233eeed2cffa4
SHA1

59527d63cc520b741adb84737a197041c7bfb98c
SHA256

d4c0160b065dd17429cf144ca3dd2424a271b968f9de7f358c19859de933f28d
SHA512

16b32330df2358d76570d0470843b24ad994600bb4c62bcffcce45694a24a5fa1cb78cf82ae67f6e923d86df4bce3ae3eb778c7bdef9912cf6784e31095e2a14
SSDEEP

6144:TrRzFVv2vp/L7Gw78UUD4TO60e7hRf1be+3BdAyPVkNzV9:HR/4/fGr43v7hRf5eaJP2/

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

s9zh

Decoy

paintedinafrica.com

electrumfix.download

edlange.com

tqiawy.xyz

satiscenter.xyz

nc-affiliates.com

agencybuilderforum.com

testabcde.net

venisseturf.net

rubenvdsande.com

nzmatrimony.com

mdthriftsandflips.com

virtualfxstudio.com

communityinsuranceut.com

qqbokep.com

copeva.net

bookedupdaily.com

houstongrowmyairway.com

fortunapublishing.com

empireplumbingandheating.com

Targets

- Target
  
  rtgs_pdf.exe
- Size
  
  334KB
- MD5
  
  2a7387a3d5311f7c3d8ae5bd744314f2
- SHA1
  
  f4f9b8650afb973059b1ead62f6bab60e52893a9
- SHA256
  
  9affeeb392ec57f487776cb8da8e8abb89b3250aefa2d2f0b29997b0bd33d00f
- SHA512
  
  9990eb16fa0273bf02353e107b02d7743e9b9946228465126b511b5c4f974f26a7a72b73fa724d467d29f87aa0107270e7cef7b354f68aea9ddcc02f673e456a
- SSDEEP
  
  6144:L5R5dVv2Xp7L76Ad+UUT4pOu0u7bNf1bqWDBtAwP/kAGL:dRJm7f6/4jx7bNf5qwVP9
Score

10^/10

xloader s9zh discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2