xloader

General

Target

70ff5531266e50185741c8f6712956e34873c87d1bebafda6d286f2a5400d8ae
Size

556KB
Sample

241121-y2qy4swqfy
MD5

4e6a046d49171f072e1cde1f191c3759
SHA1

d304f2c6e0117602d4374a5a643057b3314c6550
SHA256

70ff5531266e50185741c8f6712956e34873c87d1bebafda6d286f2a5400d8ae
SHA512

9f1623b8369f413e5f213caba4aa0bf82658786c0cac13f7f6729869db30f7b7ef8ee3a4436ca4c1678cff8f9457f2de3bedb2467cc663ac381eef663d3aff59
SSDEEP

12288:ModzohpRYGh7cngpKIWPMG3I+zu0T+iq+pUg+0oOq7/:BdzohEogngtWq+zu0Rht+0xqb

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m3ci

Decoy

424964.com

ocean-breath-retreat.com

icidedansdehors.art

wrochtthurl.quest

6455gfg.top

dgfipmailservice.online

banjofarmenica.com

dkcazin.com

jobs-fp.com

karens-kornerr.com

parmaesq.com

nuevochile.net

inputsquad.com

consultacedula-sep.digital

taogoubao.net

gimmesolar.com

bluelacedefense.com

grandagent.club

warqatalzawaj.com

getvirbelanow.com

Targets

- Target
  
  4e7c66e1c2f9dae5fdf45d434a77175c7bbacb110f60a4a2a4b29a1dc6625d25
- Size
  
  688KB
- MD5
  
  4c969dd62718394edafdc9d8d395a7e7
- SHA1
  
  10e3bad2db00ff95eb312d6d3bdd7d9f6e0dbfb7
- SHA256
  
  4e7c66e1c2f9dae5fdf45d434a77175c7bbacb110f60a4a2a4b29a1dc6625d25
- SHA512
  
  5bee7349a174f710c00b347843358cfb6110c7169e47ba772bd3b0b4ae34076a7a0924febce4c303924d903dffec8e5987556298cb19e2d56e5bd792b72b2aec
- SSDEEP
  
  12288:Ge0WDJvB4mouTniJRVtJPplA1d635HWU/bNVtv0o+lIWgjjbEf/UWwGCS7IDKUVD:GebZAuT3gjjbEf/UWwGCtDBV68
Score

10^/10

xloader m3ci discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2