xloader

General

Target

e5b74e12b53054b4ef7bfc08121241d0f2432f7724c2feb08a83a5ba149c39a1
Size

713KB
Sample

241121-y2abcswqc1
MD5

1bc5a925b26148256fccef65b50170db
SHA1

a4356af642e9b7b0d6d9726f66ff5cceaab0b9d3
SHA256

e5b74e12b53054b4ef7bfc08121241d0f2432f7724c2feb08a83a5ba149c39a1
SHA512

f289885f8540dd17c73393fa5c5907cd26476c1d95fd308d4006d44fce0f20a6038411e6225dc78ae64990fc626dd19e9887ffa6a2c1f1413c2e94d44dc7307e
SSDEEP

12288:J71r9oZf5m55D41exGaUkpIP2LlGQHvl6QAbS+SzCEUUvaoqTDKSkJqVkpjFa7:J7p9oZfsbD41exGaNi6/Hvl6BS+Sz/Ut

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ixwn

Decoy

drmarshaskinner.com

lovablebrows.com

cnfmc.com

post1fr.com

54243474945delta5424.com

lauded.world

clansix.xyz

swipesells.com

au-hokuriku.com

alyxhoulie.com

kuponbank.com

unicdn.xyz

stearmanestates.com

shmily.life

hennessy-maluma.com

czechagents.com

zywbiiu.icu

gree-th.com

naturalboho.com

plusometer.com

Targets

- Target
  
  ebceba62910d7167907d9ece3bdce1dacdf778e82d07801478e0240621100b25
- Size
  
  871KB
- MD5
  
  4a18a824aecef26f86a454b0a568ed55
- SHA1
  
  96b62057be687eef380d5d580003719aa5c6f32d
- SHA256
  
  ebceba62910d7167907d9ece3bdce1dacdf778e82d07801478e0240621100b25
- SHA512
  
  c8b9383b281fddb4a82a45271513de43b2a82454fdcb4fb55b7797d53d8a16c7018b495cfbe0a5c90feaf6ed3158c1197dfc3562a32fc53e373a0a8780cd59e6
- SSDEEP
  
  12288:uWK3n3qGaNHEyC9/oR9gy5FHK7zMQSGedS0N2hIbUKf8DZAiMKRT1VOeJLz2HVJ0:uWKnPp9AR95yv0dS0wIP8DZAiLT1FU0
Score

10^/10

xloader ixwn discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2