xloader

General

Target

bdf397093427714347a5028c9ba9476ed1517fe605bb9650dca2bb36d9799c7f
Size

709KB
Sample

241121-y2143s1mcp
MD5

eb0d416dc29b8017b536cc97511571cf
SHA1

fc6c536d93a8da4acafdea6c820a259201d70ad6
SHA256

bdf397093427714347a5028c9ba9476ed1517fe605bb9650dca2bb36d9799c7f
SHA512

5b45e23bfb5af36065c57bd4aa422c16d70a408ac9b576bba9c7ce8a9f397d17d04d007c495835851508421fef6d2c943e7d50622697ca6fc980527ce5167c6a
SSDEEP

12288:9WvbjrGI9DndOng9bcblv2KFy5D6xTevA33uwRJh3lnZE7z3/PPKKxuxWef:9Wvbjrj9DnPbOOKF264IOwRJhZZGPPil

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m46a

Decoy

conventionline.com

ukrules.online

rhubarbsloheu.xyz

csliangzhi.com

extentionbyyegane.com

snikido.com

holidaycheck.cloud

docomoaz.xyz

torrentinfo.online

arabianelnuyg.top

integrations-304vjp.xyz

newbalanceclearance.xyz

riqnahbww-tui.net

fendoremi.com

oneportalmegastore.online

onlyconference.com

cannabisbeertoken.com

assetto.digital

kathcorp.com

7075aluminyum.com

Targets

- Target
  
  72dc174480feca1dcb4e4f3bd6810dc141d51262329b6529ca405537b9273c28
- Size
  
  812KB
- MD5
  
  7aa2115149b7facfb16e18b081c7e0f8
- SHA1
  
  085f3b76e733f557966031cce2459f7290136cf3
- SHA256
  
  72dc174480feca1dcb4e4f3bd6810dc141d51262329b6529ca405537b9273c28
- SHA512
  
  29e7480a30b1aee1bfef82955312aeaee65903371b391ea3ac3f85fce4e2ac5da6385b4c7c88853d374ed4c7183b65c829e9c21e1afbe503f1cf239c4c17a36d
- SSDEEP
  
  24576:+memCwOrJpz+oGTbOEVbpfY4tUtvNRIQsfp:0Xf62vPsB
Score

10^/10

xloader m46a discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2