xloader

General

Target

3fcf2a3b13acd863a44373c981dcd8ed64b779518791cf239b93b67e67b5b034
Size

304KB
Sample

241121-y1zjvs1lhl
MD5

e0bbcaa14d1d5006b4b83cbca29632aa
SHA1

68db6e7206e4885e23e78357bcecbb340363e1fc
SHA256

3fcf2a3b13acd863a44373c981dcd8ed64b779518791cf239b93b67e67b5b034
SHA512

7f92b931ab3788402b23ae75041e2cf0ab4143e2d6ba6261d134fd0e6f2b727bae50bf7a1e773568482273472da8c5ccff339b3a952642765d702bbdd7f3124b
SSDEEP

6144:+Qk5Nll+IAvGaNhauT4ua7nFldQ2GEP5NWhfDZQ:kF+Ga7aQarF42GEP5khbG

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nazb

Decoy

polypixelarmy.com

dppu56.com

prayrowan.com

favoredysxdmg.xyz

swichkickoff.com

suddennnnnnnnnnnn06.xyz

your-own-vpn.com

ban-click.com

digiblogofficial.com

frugaimoms.quest

longoriaamanda.com

moonelegant.com

americanpawnaz.com

riverflowmassage.com

theresnosomedayinbadass.com

sacredsolomon.com

mkperfumy.com

yavastudasuda.net

votewhosright.com

lovetoconnect.net

Targets

- Target
  
  3db51e29aef16473b5febc21b1f3a8024c8da7c2b7f5600fbc5324713f5fd7c9
- Size
  
  315KB
- MD5
  
  fcbace1d61896c77315c37d60ac0e8ba
- SHA1
  
  c5a943c52d2479b2acf25b74318cc35fb7463ce3
- SHA256
  
  3db51e29aef16473b5febc21b1f3a8024c8da7c2b7f5600fbc5324713f5fd7c9
- SHA512
  
  d3817c88a7981b6356d43695d98ac45613d2f5708a31e9cfefe574bbce0d5b607d75b8935b7c712d8b00ff8c24a350e2f1920cdf143d427026c750af14354a9a
- SSDEEP
  
  6144:TxDXn5Nll+IMvGQNhauH4Ia79FldQ28EP5tWhMDZ7:NVFiGQ7awaJF428EP5EhAV
Score

10^/10

xloader nazb discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  zqmpr.exe
- Size
  
  168KB
- MD5
  
  ce74b4dac6b9802e4706f44a435a039d
- SHA1
  
  592ec006650f8d45a6082cf4d13644133208be35
- SHA256
  
  d5604be362dd75dd20212e628dfbf6eb894e0ed6dd4e31aa09b50fef60dcdcc3
- SHA512
  
  5fc8a5f9719f7f258594b04d10a172899b470c1ee06949d9e9a1b2c8a4fe0d0472c5feec62271c4c0ebe27caa0fc704992ca0729d952a92862cf2746621ec6bb
- SSDEEP
  
  3072:ic4Horf5X/n8eXZHTFGAfU7VKXHGHggYOdDUbGZY:i3y1/n8YpDCVKXHGAg
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4