xloader

General

Target

3c25c50ac4d4b59c19fef8587f60f6beee03b245be3db87b0dd57d9c55ea99fd
Size

618KB
Sample

241121-y2xfwswqgw
MD5

0acf83b285414fedfe2c44d630dab185
SHA1

913a39a78598688e7e5e158d5b7bc99fbc66c35f
SHA256

3c25c50ac4d4b59c19fef8587f60f6beee03b245be3db87b0dd57d9c55ea99fd
SHA512

fc82861e7349893756d844ef8984306099543c8c4faf621ccf6ce0481ed1428b8b331dc108acb82accf4fda42c2b17f3acd7739788a0d880432f7e5ea6bbc19b
SSDEEP

12288:MvpBZ2fa2cHpVOHBxfzfKyiAimJ5LBBoXKx7940lCMqbygGlFQVW:WpBZgNSpkHBx5FDxO0lCM1lFr

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

c8ec

Decoy

kingmeters.com

thawoman.com

cannabisinseconds.com

3966399.com

grabopolska.online

krystalpacifico.com

quibii.com

wangzhanceshi.online

blog-techtalks.com

refreshlightingcompany.com

justrightmap.net

sewabhartidelhi.com

noharminmasking.com

speedysignin.website

schwabinsttutional.com

carbon2algae.com

pateleprevention.com

techsavypinaki.com

onemindafrica.com

flowerpeony.com

Targets

- Target
  
  1IkqDVJJoOriyUm.exe
- Size
  
  767KB
- MD5
  
  28c79bcde960ca27c06655939081ee5a
- SHA1
  
  be93ed67953224fdb1b94ffb07e5f9f475f75eee
- SHA256
  
  c1651e761e73dbb33854b22a17eacc13a5193d412cc56c5c9310a01270c4d972
- SHA512
  
  57aaf67ce83cd9dbfdf86a2f651da5d8f3db2dcba56a6fffbb06a19000155bcc0db5b8386388122b517da345c4a1116024af676514d45f8f2543a17397dd8a41
- SSDEEP
  
  12288:9bGIibLg1mIc7JEYr8mxJ3AXCmdKhaJtMR7bHjIY2hnjwXSPFqge5JOEPpBja:hGIiI1VzmpJwylhaJt0cnjXmHPi
Score

10^/10

xloader c8ec discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2