xloader

General

Target

cce33ae3f6893af9e24964cc00973dfc3d3f1fb631a97f6160b85d548ff9bf46
Size

587KB
Sample

241121-y29q8a1mdn
MD5

023435308cd4005117f7d5df56812719
SHA1

2759ee868445bbd39311820c9e170fe7cc836a93
SHA256

cce33ae3f6893af9e24964cc00973dfc3d3f1fb631a97f6160b85d548ff9bf46
SHA512

0859e97e763d491388f6b78fdcd93ade3d286dfcd7e18d7a535535ae1d90b32cf891211fa743e6ac29e8a37211644766bd21b8412dfc86af338041df385df24c
SSDEEP

12288:2fCQPOFbEEdndTeOJoF1l5owte6wn74Ja/5Rp4TFeZB0lg/VDiHq1/v:wPOFoGdTeXF10wO74JLTFej0lg/gqRv

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

xfts

Decoy

dailiesplatform.com

krlanka.com

koms.info

chesslearner.com

softwarefully.com

yogiplayground.com

learhee.com

faithbook.info

pepperrefo.com

kratochvil-elektro.com

artbyg2.com

123-e.com

levelupyourbody.info

ecommercebusinessowner.com

floraseriestrilogy.com

sdyykt.com

swchof.com

huaxinhui.tech

sems-iress2016.com

vasudhalibrary.com

Targets

- Target
  
  proforma invoice.bin
- Size
  
  952KB
- MD5
  
  e47b1ea33b1abf2f4fb8ea4033085f5f
- SHA1
  
  b03c03eaabbb7a9f400004115a80087f49c7d24d
- SHA256
  
  2f149eeefba021804e56e884c6a0b9b20a0205104976741b9f7255ec60e4872f
- SHA512
  
  e4ec9343ae245a4fa2ba47250cd334adb15a8071df54b6eec5db3f5214044135cdee3da0d17873df7837f567b1fd38657d19e401e39222f34bc4966db979e033
- SSDEEP
  
  12288:9iDerSToYkbL9AvIQYci7fep8aLBdi1WWbdNIQvr5I:99bJATYnCr21WCdWA
Score

10^/10

xloader xfts discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2