xloader

General

Target

1ffc202c964a238fb1ea99a22a264d49953dd6c9511932f5377cf04116ffd773
Size

231KB
Sample

241121-y3q1ha1mfk
MD5

69c821ae987b92f3144a71c9d618063b
SHA1

0a0804c60b88746c4116204839a65aa4682a8110
SHA256

1ffc202c964a238fb1ea99a22a264d49953dd6c9511932f5377cf04116ffd773
SHA512

e3e1ca25a216019363dfea1d46f551d6cf5fe61a4095e707d522ada6ecd9c7a5355acb4c320573436ab3bc04c61dec4c3743f0682c7518539a28c9c22de429ee
SSDEEP

6144:NvLOkTFilGHAje8epcRHEV9mk/lGKCe1ShSuHit:9OkdZTcRP4ETe1eNM

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mwfc

Decoy

a-great-intl-voip-phones.zone

police-trust-security.com

415391.com

coi-sl.com

liming-steel.com

criticalracetheoryexplained.com

pintoent.com

columbusrx.com

clarktribe.net

texasforblanchard.com

musical.voyage

priyamblogs.com

employbridge.works

americanchessmaster.com

australiaaddictioncenters.com

drkell-yann.xyz

barryisdaner.com

frankkystein.art

aromatoto7.com

alsuwal.com

Targets

- Target
  
  c34886d629b199ebcda6f6fef7fcbf5f48ba3153c6789708639b0c37d4ac5487
- Size
  
  304KB
- MD5
  
  d5949e2ad723b184d5622ce746b0177b
- SHA1
  
  10f1ec8f4a1ce70546a4ca25965b606ea2bc20ae
- SHA256
  
  c34886d629b199ebcda6f6fef7fcbf5f48ba3153c6789708639b0c37d4ac5487
- SHA512
  
  9a98a61a1c4f9a072ca9a809c6d582afd02826a449cfbdf58422b0e5dd7886acad515eae1a575e1097e8445eddc9d648592b62ea3560c51f008a235a1b0fa6c2
- SSDEEP
  
  6144:RNeZ2KnbGYu/gc3BOsNExg7ncENT33uRh9Y/qAMJJdLZ+cb4YO:RNpKnyXgcxOsNEEcENT33uNIqbJB4cbW
Score

10^/10

xloader mwfc discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  oryvzibei.exe
- Size
  
  4KB
- MD5
  
  0361a9f359f0e790728f7233f15a24ba
- SHA1
  
  316941b24d00b64baf38a76e3a44596a6bdbef37
- SHA256
  
  60b3f54da2275f4e7062a18ad72b413db3826d00170a859ec533fb1328758594
- SHA512
  
  40bb782aff60a54a88a0d0424a6636e6d738f500b491713547c8dc43e69360ab002cb644325537e3eebacc78be654f211c93467f6fcedb603572e2ceb20ec128
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4