xloader

General

Target

b62380521495152734976ecb6b984c812c8166dce92cba64b59f4df29f64abe8
Size

326KB
Sample

241121-y45kaawrex
MD5

13a399ea5f8b4c1c65c623e7fd5ae630
SHA1

6839ffbe1402da3ec52e26634345b51182a708aa
SHA256

b62380521495152734976ecb6b984c812c8166dce92cba64b59f4df29f64abe8
SHA512

80c4f398e1369df6848488784e9727dff780e65acc4e7d343ba70b55392908ea0ad8d00edf4e9599f8860ea07f6c8fa57b043abe881528b31246cc27040042d7
SSDEEP

6144:shSU0C4VNuibdKx0L5HXOxLyKZtBhS3VkZnJcn4O0/m7AJS+g4Rybnt:wWLNxKx0LdOxLTrDS36PcnZGM8Rw

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

w240

Decoy

deathgummys.com

accentuable.info

logisticairpetrelocators.com

playdropmats.com

ewshop.club

bislists.com

pkkjoo.net

goldenkaktus.com

bigspiderproductions.com

funessences.com

gimpydogproductions.com

motivatedmarketinggroup.com

bjadd.com

2ux3ms.com

zafzi.com

oldmanemailplan.xyz

quotexlibya.com

mobco.store

stofferogbo.kim

akidsguidetotheworld.com

Targets

- Target
  
  588395RQ9484481001088.exe
- Size
  
  435KB
- MD5
  
  5c4f900c98ae6bc1a60989ff945518cf
- SHA1
  
  512810a254405e9250dec9036293904ec37ac86f
- SHA256
  
  08302b5e5672ba31f714c6ff192a0abb07fabedc63fb1fe256a3ec4ac5512818
- SHA512
  
  8606005882accae561c729268bd82f57a0c1006d6c925ead479d69aa3cda191bd6bb32e2bf66c3cc431bb29dd4c61d0f9cb71febe7bb4c20377e6be7df12d00f
- SSDEEP
  
  6144:Y4vXf2uStjUqgJqjpdKJJWJtJwkzJslW0Eu+7WSOmycqEbMRXqrQ:yjULJqjpEJmUkOQ0t+aSO+MRXQQ
Score

10^/10

xloader w240 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2