xloader

General

Target

24cec46977a0cbdcac2b936a8507377c764d082e071cdd14de8081f4d382cdf9
Size

811KB
Sample

241121-y3wkzs1mfp
MD5

a1d6ad7f3ebef602b38b2d8edee4a6d1
SHA1

0f84b12223ff644e222ba6ec0f1cf13da04c4165
SHA256

24cec46977a0cbdcac2b936a8507377c764d082e071cdd14de8081f4d382cdf9
SHA512

f420ba14326d0ccbaec9878c9b65a8fc8e09f9c882f2239a7d7073f1fcf76830fe1396f1c78557687768b1ca6d1aa8d5e4018dc0ab5f0e4700c01311feea4d23
SSDEEP

12288:UOovnyAmUk7Lj0/6U6niUwSEOmvpwTHxZM+GDgYjyk/M4h8Ds9HUTBTVt:UOanyjO6dniURShmHxCgYjyk/M4hHSt

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

imta

Decoy

conditions-credits.net

tamaracatharina-creative.com

semogalanggeng.com

lasvegascourier.com

loginkopi.com

easyspeak.life

alternacanarias.com

pasaeli.net

veragarcia.net

texassandhaulers.com

ihbonline.com

getawaytocornwall.com

vanilzamisturini.com

privatecine.com

picsag.com

rougeperiod.com

simplysouthdisinfecting.com

detectexperts.com

macdonald.delivery

fipcebpxx.icu

Targets

- Target
  
  PO.20586829.bin
- Size
  
  1.2MB
- MD5
  
  b45e34aecf9c73c7fb54edab05973e42
- SHA1
  
  41861a63a47b4d1a70d4d81dbde119bfb893abdc
- SHA256
  
  36a6dd99705baa431be4fa3b3d1223e540a171d419b79d0c466916269fb8608f
- SHA512
  
  d698e753d4d7a4141c6cfc6e7baa43e551a033cb0ddbc93a2cf229a450f24ef5bf106acff221241928b9612067a9e9eb178d722b21bed5ab9bb2ec54d35132f2
- SSDEEP
  
  24576:NyUDWIp7eS8sP60XYwxx3CZswC15rafWV/Nm/y12NhmI:A1ITV9XHSZCjaNyY/
Score

10^/10

xloader imta discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2