xloader

General

Target

0c22d955534174aaffc23beb8b9fcee098a6f450ed1e5ac792a28d866089a035
Size

281KB
Sample

241121-y2jvsswqex
MD5

c03bb9b9ddecd2d7758df2f1b47dc5ea
SHA1

2566bc7b0bf121113f9eae5eaf804f608dfeda5d
SHA256

0c22d955534174aaffc23beb8b9fcee098a6f450ed1e5ac792a28d866089a035
SHA512

1f532112032916ae39fd3eed911702623c2be26b38a19b01cdc46d53227b653e60499be86bbc8f1b626d46437247ca75a7d683230af287ba56491c996e75d928
SSDEEP

6144:sVBhrMdgGifB1tMmo5ACS9v0ayh/SnJxLR3g5x865mBC:sVBhQmfa5n7aJm5v5mBC

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6a4

Decoy

reviewsresolutions.com

binhminhgardenshophouse.com

nebulacom.com

kadhambaristudio.com

viltoom.club

supmomma.com

tjszxddc.com

darlingmemories.com

hyperultrapure.com

vibembrio.com

reallycoolmask.com

cumbukita.com

brian-newby.com

abstractaccessories.com

marykinky.com

minnesotareversemtgloans.com

prasetlement.com

xplpgi.com

xn--gdask-y7a.com

uababaseball.com

Targets

- Target
  
  OFFICIAL PO 1143 FOB QATAR_jpeg.exe
- Size
  
  347KB
- MD5
  
  f826defd978e74a09d47ad5cbe2a6c93
- SHA1
  
  6892b6ebc8301ac535af2391aa0563453082fa4f
- SHA256
  
  2aa4e557d70c43b63c4c83dae89a00b09ded7c16317a30cce69d8b44c4ae2c2d
- SHA512
  
  44f3e9d07b4b520a5004c11ff903fa2868a423d062fc5f18c7faf0b45343d593db75a36b4585729b95488616a490af1facb66ad98a2d5f061b78021ba9f1c811
- SSDEEP
  
  6144:pF49qqKGPBcwqh3SBYA4444444444444BffIq2DPzY1vPT+hn7kg46meJl+Ku:pzvGPOEYdfvEzY56kumeJl+x
Score

10^/10

xloader b6a4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2