xloader

General

Target

24a6937972322f9010713e46770c092835a064a4185a7ea6444054fde57e6c10
Size

291KB
Sample

241121-y1r5sawqbw
MD5

b019602d21e5846474283d62d1357af9
SHA1

4d54e1fae3152c55721dd37167aaeb770e642729
SHA256

24a6937972322f9010713e46770c092835a064a4185a7ea6444054fde57e6c10
SHA512

bcec56af12ed4edcd6b1f115fa73498f7f9aab7aa40a1054ca01b5a7753df6abb124718f746216208f05b9e5664a49b0949fb1c887e7f73fddc76cf92818047e
SSDEEP

6144:5xTFq9hnXKdnydWFskzl3T2jqhqk2kfztMN/rj4zR/HmtB:z5q9xad0WFsEq8qk2W06BGL

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

0pu8

Decoy

washyearwake.space

s-takata.com

sattadelhiborder47.xyz

watch-tbn.net

hklawns.com

schuylkillc.com

brightonbybench.xyz

treslrefinance.com

redwoodwomen.com

les4asdudekhockey.com

clarityandflow.coach

d-spor.online

1agiostratitis.com

ai-technology-online-ru.digital

eightstraps.com

qingus.com

it321.net

cryptochatr.com

swguangna.com

jax3.website

Targets

- Target
  
  2640ec73eb8aa419bbcf1819bb1062dcc7bbc8a1ec30c1a975e80e3182449f67
- Size
  
  423KB
- MD5
  
  f4367b0139952a0f2cf8a669484f35b9
- SHA1
  
  d5a34c1fe6fa4ae0d9430de94514b150041df431
- SHA256
  
  2640ec73eb8aa419bbcf1819bb1062dcc7bbc8a1ec30c1a975e80e3182449f67
- SHA512
  
  330dcbd55d7fa54aec5ab99cd559d414db585bfccd5dcb9a307796d6541ce781e369423042b8d6f2f8c7059a265a78f75f42748e40aa73aa438ffa762bd80449
- SSDEEP
  
  6144:9wVQx8ayrbor77JaQOCzixo3wFnK0+pDp2WyULR5z/ug:JxPgUrAQOE02h1bTzWg
Score

10^/10

xloader 0pu8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/hvlovmp.dll
- Size
  
  4KB
- MD5
  
  326a702abb396435221880fd71450249
- SHA1
  
  62f5a8e24469859250a5630e5b9280b8472e5a56
- SHA256
  
  f936817179febc934e8fa271aac522f989e6a6b43ebf42a44588f71ecae79042
- SHA512
  
  3018fa492ecbba49350db3f93df5f20852a47dd363315704737b2abd9c70bf86cc74858572a267e7fb79f8590c064ebaa0024ac84b41fb7fb684a3c23f7da615
Score

10^/10

xloader 0pu8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4