xloader

General

Target

fcdf8e723e5da87d205f6ec48074c649f3f944c8e69ef73badc57db998923ec1
Size

695KB
Sample

241121-y1frrawqas
MD5

dfe5c00d2a0298b5e2a7ebbac8e58902
SHA1

141ec4ddffaef078328ef32516a4a2c5d139b512
SHA256

fcdf8e723e5da87d205f6ec48074c649f3f944c8e69ef73badc57db998923ec1
SHA512

c02b271509c1f114bb298f56d4c44e9af7078674ae07aa84c10a8493e62cd26ade7a3cf4eb0de5b376eef29fe034dfa4146348773784b582f752540fcd8da91d
SSDEEP

12288:mlHbRhEog37VyOUub7uHk5BQEAg45G7ZnTr1uMu36cAQLMiQ9Jax5Gvrs:elrg3hyvu+HkphThuMuKH/9Jax5Gvrs

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pz9b

Decoy

gochili.info

cyberdatadefence.com

payonbux.com

candiceswanepoelbrasil.com

mykaoa.com

tanabe-kanagu.com

dovetailgoodlife.xyz

alabasterautomotive.com

tajc.club

authwdqtsi6sojynof9gmazon.com

cookingguides.net

yah360.com

berriq.com

freetoreview.online

yachtsgoneonline.com

clothestokidsri.com

howtogetstartedwithfba.com

simplepartyplanning.com

sunrisekai.com

wealthfarmer.net

Targets

- Target
  
  Order.bin
- Size
  
  781KB
- MD5
  
  5bb832062f9c79305f4a49e404534386
- SHA1
  
  419733fb51fa058a7fa4337c6d9b8b370c214230
- SHA256
  
  dbdffd74b6ea1de962cb1e64468cbc4cac545311c1bc3eddfed142fb57125002
- SHA512
  
  ea9b8683bd01f5066442f1ac11e4f253891c24a9ee4c02b9277af89a9f87f72923f1acbc140df2133bf87c1fe42e15a910fef873e981878b5d63f507e7e1c986
- SSDEEP
  
  12288:2JZaF9GF2zrySIOBLpO5V0ouuMHrgBSvsI7qbBgx0r88WlvZK13Yjpr7AFb5VR+7:JjaSIc6Juu8QSUIDxlHZKedrWbRFef
Score

10^/10

xloader pz9b discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2