xloader

General

Target

78f5def44acd5d3cabba6672cb7cd3df15553e33a89c92e324a4675c54babad1
Size

1.3MB
Sample

241121-y3a92swqhs
MD5

6eb5d3c86a8d2239d0daf6f87958fa86
SHA1

055563bacdcc22f0b2fda5b9ac446adad6d9552c
SHA256

78f5def44acd5d3cabba6672cb7cd3df15553e33a89c92e324a4675c54babad1
SHA512

c56479309f9275b580921c8eab94525eae4715a7d12637bbeb1ae47babd1e414dc9cd9371a53beca4252e980ecf1d7ff7617185a2c8fa1a8b1b5c723e9029887
SSDEEP

24576:O6mc+CT++6rAL3J7jdiSRAgE6mc+CT++6rAL3J7jdiSRAgK6mc+CT++6rAL3J7jP:ONcO+0i53diIA7NcO+0i53diIAjNcO+d

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m3ci

Decoy

424964.com

ocean-breath-retreat.com

icidedansdehors.art

wrochtthurl.quest

6455gfg.top

dgfipmailservice.online

banjofarmenica.com

dkcazin.com

jobs-fp.com

karens-kornerr.com

parmaesq.com

nuevochile.net

inputsquad.com

consultacedula-sep.digital

taogoubao.net

gimmesolar.com

bluelacedefense.com

grandagent.club

warqatalzawaj.com

getvirbelanow.com

Targets

- Target
  
  MATERIAL TAKE OFF - GASKETS AND BOLTS P 5721025 00 001 12036 L003.exe
- Size
  
  531KB
- MD5
  
  4665816f4565fe8486cebe90d442fac3
- SHA1
  
  7f35fa7d52f7de5831b7c67b6252eb89bdf9ae13
- SHA256
  
  2273d198e458cede0e587d1c4d253a1853dee5e267659691f1758d2a87e50d77
- SHA512
  
  7f9e0bda85bc0169bb6bb376bedd5bcb6fe08d040352a90a5fd5b4cbd2093449e12a3b80fab689a6685e3ecbe0b5941e10aee89d3f5c47d4d38ad8a3b9409366
- SSDEEP
  
  12288:aQQFxzHeqxqhgLygM0MABlg/7SKpjKLiYriw5dRYKUeG9T:abf7IOLJrYKUX9T
Score

10^/10

xloader m3ci discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2