xloader

General

Target

3e79ed8b90a2e350bc4097d3c5cf7c3a4631d2fa21500377790b7ef79ae03fca
Size

775KB
Sample

241121-y48lya1ncl
MD5

604f53a7bb3c0fe2169e438f300188f6
SHA1

d35e314bd9550f82457dd26097baebda006aef21
SHA256

3e79ed8b90a2e350bc4097d3c5cf7c3a4631d2fa21500377790b7ef79ae03fca
SHA512

d5e47b49f6bf4af12d9164a2690714c30354278794a5f86414f302c3a15d5e6f629190c7f12475573edad6bbb07c6d8d4f1e6fd1bcce7194402de320f9a64c3e
SSDEEP

12288:PvwLBMk5WzvkmOS7aS294CSAGlMqd1C7i69qpyr7bhYlKdAFsLYfivc9v:3wx5WrP7ddC3gMqdGiyqczhc1oYfie

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

qr26

Decoy

libreriarenemoreno.com

searingrofivt.xyz

liveincare-online.com

nahda92.com

oki-net.com

onlinedelivery.biz

marianiartspace.online

wildeblum.biz

adelaideofficeinteriors.com

plickthepick.com

qhyingtu.com

enjoy2m.xyz

037yu.xyz

poseidonvips.com

intricatepainting.com

cwdestore.com

nordic-aesthetics.com

80cq926.top

arbiz.farm

yun183.xyz

Targets

- Target
  
  7612746d01cffc33f8f613b57bf35822aad22277ca6c071efe990dadd2fbc853
- Size
  
  886KB
- MD5
  
  f508abf920fbd52e54dba67bcfd561ba
- SHA1
  
  e4b6476bbb722f0c6513284d827b9290d6056489
- SHA256
  
  7612746d01cffc33f8f613b57bf35822aad22277ca6c071efe990dadd2fbc853
- SHA512
  
  fcfb71e4745b40d5a0366295202bc1732578c38adb2ec605938ebb5fe06f4c9fa64e090a4d713453fed17bea3c3fe34f9342ee10c69b00ce9206fd4527c34ca3
- SSDEEP
  
  24576:6qyd9G4LZ5fO7p9zgAAdsyyq4ZZsVoAc:8d9G4tA9gAAdsdq4HV/
Score

10^/10

xloader qr26 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2