xloader

General

Target

76fa28512d1877143b820dd3b97b309190733fd06648927869a8e68022947139
Size

308KB
Sample

241121-y33dja1mgk
MD5

ed9b3b4301a530ce049ff029f5f1d300
SHA1

8e16b7409789ee06e2c73db915ce182a92b3b5bc
SHA256

76fa28512d1877143b820dd3b97b309190733fd06648927869a8e68022947139
SHA512

8c1e77d2607d52e6fcbc9e01120ddd3053100420419491e7cbf49731e371e65f836ecbe9e960387557086710264550c0cc97c2645f652777678f957ae8810242
SSDEEP

6144:nUucSSVYxfY+G7902ebgoACNzin6PRbOZA:nNcbKG7LDoAKPGA

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nqs9

Decoy

lgingood.com

shopgeti.com

christianuomo.com

sportsxuk.com

markidesignstore.com

tjhuoliao.com

docomobb.xyz

ilrespirodelmare.com

kfconline.rest

paramusrepair.com

w3zand.com

unguamtruppe.quest

bethesdagardensloveland.net

bostonstretchlimousine.com

yycsmj.net

creatorgela.com

bestalcoholfreebeer.com

jorgeforfr.com

dlzxd.com

rajaranicoupon.xyz

Targets

- Target
  
  Order-940211730-pdf.pif
- Size
  
  316KB
- MD5
  
  48f5cf7cce8a7c481bd42065f64cda06
- SHA1
  
  573b9f300a295e80c5d61f676b3cb847db5c9a17
- SHA256
  
  8469a2a0268409d60d0d78dec451e520796106f8920dd4476e8fac728d0cc9b9
- SHA512
  
  a56bf21244448ffc0bdfb72e047ab8c2eccab9fc1f56c3afcf1d5bbc11390b711fac8b826ec297d716ebdf779013a91c390d7587e0efa9473fb25c37346502ac
- SSDEEP
  
  6144:owzgftmXE/z/dijeNOetfxvsgPzIFXrIN1QXghMoMhkC:ofFrrNJfxvPPzIFMN1QXghMoMhkC
Score

10^/10

xloader nqs9 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  kmnjg.exe
- Size
  
  170KB
- MD5
  
  53face3b36237ca409c4f8c277842fbe
- SHA1
  
  bca858bff9d11ffc6c5772c01aceee84e52a8eec
- SHA256
  
  8a4451db9a95c45c952c228c36d5976d5d9164077d6c9969f9206b6248963f81
- SHA512
  
  813ea54c1b643f5f4222bb97f82a73bcc07c9fa3ae459a748936dcff810caf19cb9771e09035e13efc1bae0ad611647dad0862d9132adf92bf01abfa7e33e31f
- SSDEEP
  
  3072:aD1ox12eClvt/E2AVnqybemkYdUY6U+5bpULkXq0b6:a41DClZQq2uYCpbuh
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4