xloader

General

Target

ad6fd936aaf948517474477f1bbaee36dd049eb4d0bb050e452aa224597a2418
Size

411KB
Sample

241121-y13ara1lhq
MD5

830d391f62b763c30433fb10fce7616b
SHA1

82bcec4cbe292eb4032f0aadce7b474012c80aa7
SHA256

ad6fd936aaf948517474477f1bbaee36dd049eb4d0bb050e452aa224597a2418
SHA512

1582e297afb8fdf6f88f66934bc83aa6ac1e212583b59f85cfb0b33c79ed5ce443c2c1ea612845315ac71dfd65ef6af19ee95e081c5ae4733b23a30ae3929446
SSDEEP

12288:7TIH4hpOd4EU/H6+d5FffR6qCkJRNz+K1mJNCX5:7TIH43OdkCwVZLlRNzd1mJS5

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

agsj

Decoy

xn--28j2b5cd.com

180926.com

smartas3.xyz

agestrip.com

thefirst-recruit.com

k-sport.xyz

melhorvia.com

villacobra.com

raphiademadagascar.com

bp-marketing.com

lieb-ich.net

littlesagrivet.com

arcsystemrepairturkiye.com

brentkharper.store

cash4spaceships.com

aosmarket.com

apicolacuartero.com

osmium-institute-serbia.com

bhomemaintenance.repair

everrbridge.com

Targets

- Target
  
  2385821f2732aafbdf3ddde31c314ddfaad694ad9261e4b40961b61a1a78cf64
- Size
  
  569KB
- MD5
  
  e5ca4e9b98bb8bea3c98327827243f94
- SHA1
  
  c236a8324cc19b40d8149f3939385a7f8339023b
- SHA256
  
  2385821f2732aafbdf3ddde31c314ddfaad694ad9261e4b40961b61a1a78cf64
- SHA512
  
  27ade4f6eb3c7eacdc85ed07244caaaa33dd60078cf3a56b207831f43e840c9555fecb92091579c201f00704e1ab66f95b7308981afc909a75226a970a2a54df
- SSDEEP
  
  12288:LSnNHDD2+WHfsWKb5fkusS+SCDUSqGXmJuA6hzVxBV9E90Jsok+4:aNvn+DR/WLgpE90Sop4
Score

10^/10

xloader agsj discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2