xloader

General

Target

b1bcef7cc5b197c29b48ddbc7061c648621c855121d5dab59b7688d096c666b6
Size

1.1MB
Sample

241121-y39gva1mhm
MD5

216a1170e405fa6aa6a2b2e19a71b71d
SHA1

ec85bb675b881163e6a64dd62d0f520632579600
SHA256

b1bcef7cc5b197c29b48ddbc7061c648621c855121d5dab59b7688d096c666b6
SHA512

b86b0f3224a388595720faa36ac4f3eb15a23a7ac3f6f0782d327c21fdd23cdaa8398a9543c35bef5ace00c19da3b934b6fe373e66c6aa855e8e964f66c6dac5
SSDEEP

24576:gwKES8gUJ6AR5uGXON4qIt7df9IGw+UIDCOptrX4wdsoksHmHrIz4U:m8gbGXCfU7df9TL2ODz4wds9E7

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p1nr

Decoy

daas.contractors

cabanatvs.com

jinlowe.com

onbtwy.space

successportal.net

lodolamacze.info

thesilveralchemist.com

honobono-kobo.com

comouv.com

coyotecastbullets.com

pwotech.com

lakebernardcottages.com

sportsparadise365.com

chuyentrasauvietelonline.club

ncambiental.com

persiantrips.travel

binomo-market.website

girls-ish.com

yuzurin777.com

viaronsport.com

Targets

- Target
  
  4e084eb594dca69ba8ac628aa74dbe43fe6032a71f47785241f72e1a52dff897
- Size
  
  1.1MB
- MD5
  
  3702c5efbf064afe0436e61bc355ca94
- SHA1
  
  5760a5ed8d7d0b30e1c06530df6c6ef5a44de572
- SHA256
  
  4e084eb594dca69ba8ac628aa74dbe43fe6032a71f47785241f72e1a52dff897
- SHA512
  
  4d7e47565d3c9ceff0ec1ba1e7ae56abf85dec43511d362a4f3625b22729abbed0cbf3a32ba250b18e887535f2686a2026b32122776cf5435efd95396e3023fa
- SSDEEP
  
  24576:TG4N0uzw3OvrnKuzTBZzPVT8EhMykjeSnqhXx4QbUIx1/3a+t9rGsWapUf99VVx:dN0N3ODrB5dIPykjehxhUIx1/q+tZVkX
Score

10^/10

xloader p1nr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2