xloader

General

Target

a36aef6ecc3d4e6e893478c6bdae8ff2494c18beb63f8afd779d88aa74b1de23
Size

330KB
Sample

241121-y316gawraz
MD5

d4e3c6cf8ba5fe11168f4b89d47c3cd7
SHA1

1e8503070353b6b2d2e8c0dbcc1ae27ef667f9b7
SHA256

a36aef6ecc3d4e6e893478c6bdae8ff2494c18beb63f8afd779d88aa74b1de23
SHA512

7eda53ae9cfa2f7afcf32a29fdb6d51bc82fd6e9860e1493c6b9f98841123fb3f525c31139021c65be57d84d833db4a082bdc1bf3e4d9c6e8ce8868880d2598c
SSDEEP

6144:Di6dqh+67cv1XkEH7gKVFBtAlYK+aNt+W5BDWLN8o6TNQPoXA6:DXqw6gv10i7gwFUyK+aN75FWxn4X

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

cxeo

Decoy

realtyfindr.com

littlelakesranchcattle.com

mortgagecollective.online

cortenlogistic.com

healthcaresupplyinc.com

abc1229.com

johnlambertsen.online

yasirweb.tech

1398toftsdr.com

chordsofdevils.com

hemetcondos4sale.com

hdtvstoreonline.com

ultimasnoticiaswfmajide2.xyz

soutu6.com

lastmilefast.com

glveye.icu

countinesices.com

savenroar.com

reiwa.cloud

wendsoue.com

Targets

- Target
  
  Saipem Global Inquiry.exe
- Size
  
  395KB
- MD5
  
  60e43cb34adba8f064b71e6fa476c7e3
- SHA1
  
  64478dec763afe853f0738d0a64c3734fe7e2b7c
- SHA256
  
  d29a75e7c31ae88634a19392137bd4c94d6cf4fb739e0e64eb5624a4a7420e68
- SHA512
  
  ffe8d1c0bdb14ccf4cb3c9ec3e1250dd85e9c2d575c0678295b712d8016787df29c18648e48deffda311ea26ca4a8e2b54a59eb797f80ee7675a9d533a8c1fc7
- SSDEEP
  
  6144:C6tE6ERQ+3HwO1CcM6RrNev6sKxqfLpEQKk9tF99s2AQuro8Fnh3fOpneW0:CEESo1s6RrNcKwLCQKk9tF9mQOxWg
Score

10^/10

xloader cxeo discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2