xloader

General

Target

7cfb37ee421dd4cb297bd754e077319a9c58a3a638f51ab048207fa8af84a2b6
Size

557KB
Sample

241121-y4634s1nck
MD5

7dba056012a026d747e04ce92ccd4466
SHA1

81fcdba16c58c92d891af240eef703305165a9cc
SHA256

7cfb37ee421dd4cb297bd754e077319a9c58a3a638f51ab048207fa8af84a2b6
SHA512

8158f241eb75546daf3f7ba8120475d694f08e83b6ede2b3f918e5cd869e332d6673521d37752fa2ea86c5456f964cdcf630999f15b45d22edf36d6838c4eb1b
SSDEEP

12288:B4OSSg2JNw78lZ1r55lBr+CaCOhm2adeTM/BWYjXq+MSxTYnQQn:BVo2JNw78j1ru3hEeTcWNLeg

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uabu

Decoy

khedutbajar.com

vehicleporn.com

misanthropedia.com

partum.life

tenshinstore.com

51tayi.com

rgr.one

lattakia-imbiss.com

escalerasdemetal.com

nationalurc.info

prettygalglam.com

globalperfumery.com

ivulam.xyz

qingniang.club

quick2ulube.com

curiget.xyz

ujeiakosdka.com

lacapitalcaferestaurant.com

agarkovsport.online

okashidonya.com

Targets

- Target
  
  Aviso de Pago pdf .exe
- Size
  
  929KB
- MD5
  
  db085289795d7e9a90c5271efc2affd5
- SHA1
  
  c0e48a77cb314f0d12408aac6c189851d35e378d
- SHA256
  
  4a4480a59d046a261cf8b3b604d0c6cb87e54633aa784627643ea30ec3a63da4
- SHA512
  
  6811f2b59a62da00890dbc54351bc8d2464a66dd302bb047a5b80e51058acbed983177a18af0acfe483b3f49501a15d855003bdf14b05425cbe676727e8eae0b
- SSDEEP
  
  12288:yCOhcPUWRAhoubH9esjXXXsjSSRX00m2cdSkEtDNOwS0PE1c:yfcPU5L8Qnc1RRfzewSUIc
Score

10^/10

xloader uabu discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

CustAttr .NET packer

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2