xloader

General

Target

bc76da26a79974b8d9e5ab8c050af68a776f24e2009ef7783688345a0bcec1a5
Size

988KB
Sample

241121-y41w4awrev
MD5

d61502288db973508db3d7514f643096
SHA1

73f88ec0150abfb3ca7e02c0c21d62a98be9f9a9
SHA256

bc76da26a79974b8d9e5ab8c050af68a776f24e2009ef7783688345a0bcec1a5
SHA512

e269812940fac038a668af343534b4b1d8ab76263158c428971f8309c55219ba1b2a181bb0b74150f7bca8558d7af254f78ff67b2d8ea0901c6251fdebb23033
SSDEEP

24576:0ziQoW751kXRWryxCfkL5C/EiHSPp0tKFcj795Sc7GbH:g9vWO6ISPVuHmbH

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pz9b

Decoy

gochili.info

cyberdatadefence.com

payonbux.com

candiceswanepoelbrasil.com

mykaoa.com

tanabe-kanagu.com

dovetailgoodlife.xyz

alabasterautomotive.com

tajc.club

authwdqtsi6sojynof9gmazon.com

cookingguides.net

yah360.com

berriq.com

freetoreview.online

yachtsgoneonline.com

clothestokidsri.com

howtogetstartedwithfba.com

simplepartyplanning.com

sunrisekai.com

wealthfarmer.net

Targets

- Target
  
  Quotation.bin
- Size
  
  1.1MB
- MD5
  
  5caf99a5eb3975b435161de0b401b1b5
- SHA1
  
  271249f641ecbcd5f17b21cd8500b78acb05b5d1
- SHA256
  
  574d7449e38aa78b8c46331df27b3c429feb34e16e2ae36fdf9516af6c793754
- SHA512
  
  b7dc01123ad31dbaafbc9aa62eb600356c70dcf71240ad1503e95ada96e198bfddebae68d280d498d15d7fab0cf26f182662a60d1216db9cc4a39adccd8bd754
- SSDEEP
  
  24576:hfjT+bAaMd3REebAaMd3f0xDccnNiydYfwxbmv87AT16:J+AaMVRE2AaMVMxOyFKsAZ
Score

10^/10

xloader pz9b discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2