xloader | 4603e9b4de577e9a750d57694f79b502c0eacb9c154bc0a874a39056727a27e1 | Triage

Submit
Reports

Overview

overview

Static

static

3

DCC_PO001070322.exe

windows7-x64

DCC_PO001070322.exe

windows10-2004-x64

Sharing

General

Target

4603e9b4de577e9a750d57694f79b502c0eacb9c154bc0a874a39056727a27e1
Size

513KB
Sample

241121-y37y1s1mhk
MD5

be8561c2ed7de8e785d2c5b60eb3718e
SHA1

661759e1b4e61bfe2276b49a023fba1cb5de3b85
SHA256

4603e9b4de577e9a750d57694f79b502c0eacb9c154bc0a874a39056727a27e1
SHA512

f5bdf65b43ad9dc2f3c5febb86507be6112f3432c6425527b622aea98586b0e544ff1562dc3afe73c6ae09c28cdc5dbf195bf1ed722666311fb7fd544ce279b7
SSDEEP

12288:BhGJDGl8yGHUataSpCMIlkm3Pr5OPF6DxyuAo2TPiRJYNk5v2dOK:OC8LUkIMIxdO4DQux2TPWYS5edOK

Score

10^/10

xloader yig8 discovery loader rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DCC_PO001070322.exe

Resource

win7-20240903-en

xloader yig8 discovery loader rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

DCC_PO001070322.exe

Resource

win10v2004-20241007-en

xloader yig8 discovery loader rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yig8

Decoy

lifecallingbootcamp.com

atlantamobilethaibodywork.com

pear-works.com

ffmagic.com

thenewivhubboston.com

bemusedwsettr.top

beausoutdoors.net

tminus-10.com

pinnacle-legal-services.com

maralgroups.com

easywhiff.com

dentalimplantspracticesbcan.com

monokrom.art

fadak-njf.com

eco1tnpasumo5.xyz

gites-cougousse.com

pittsburgheyecare.com

acami.art

highlow-bnr.info

azienda-agricola-stellino.com

pbrith.xyz

dxalo.com

sanfireman.info

lubianbao.com

amangaa.com

homiyak.com

mytraumatruth.com

multiviewnews.com

odcp.top

maxcleanrobotvacuum.com

smartlifetokens.net

cryptome.net

jadedareromance.com

paintingindays.com

choctawmoccasins.com

arttnft.com

freshhyper.com

cis136-tgarza.com

diversitypenn.com

ifadc.com

hhhuman.art

leanbellyofficial-store.online

capitaltechcorp.net

digibizvietnam.com

gatiosmanabad.com

sandraksullivan.store

mynba2k22.com

mindhackinghypnosis.com

sneakcoins.com

euro-farm.com

huayfever.com

veneratedgroup.com

chasetravel.info

lonestarpickleballacademy.com

skitzot.online

laundryscrub.com

c99shell.info

stropstudio8.com

cryptobittoday.com

115566.club

bigfantasy.club

wawholiday.com

249vialara.com

dedegemes.tech

switchyardcharlotte.com

Targets

- Target
  
  DCC_PO001070322.exe
- Size
  
  831KB
- MD5
  
  3fcf09742679131c0e4a202b27503a5b
- SHA1
  
  89a9926ffa6e44f4a38ea5a6f5ea768d29be0715
- SHA256
  
  2710360c68d0074ff1ec1eae99a680106bd6076b2602ad94025bdeb5b2779da0
- SHA512
  
  3342ec3a1a80872937d3d71145ad8f0e4d830f6dca69890c985081fb9b876319637c7a0cc63d7db2bbe9e3dc038385482171b483ce64f61527367755b8eb2f3b
- SSDEEP
  
  12288:Z/xpFtK4DZFUswOeoQeuNNZz0PytzIx3GPvibvUWORFkS41a6EAmD:9vFtKKZcvo0z/9Ix2XibvlTa6
Score

10^/10

xloader yig8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderyig8discoveryloaderrat

behavioral2

xloaderyig8discoveryloaderrat

© 2018-2025

Terms | Privacy