xloader

General

Target

768f7b22ab2a7c43914ce865f49ac9300bf98a0e40b8c2af8fd5144241435570
Size

329KB
Sample

241121-y4cjha1mhq
MD5

5abe343203a4caa1bb37727d5fad3afb
SHA1

0c3afd75506d48f965f3f0aedd01b349934f2f78
SHA256

768f7b22ab2a7c43914ce865f49ac9300bf98a0e40b8c2af8fd5144241435570
SHA512

c295bfee1ad87821fdc321cbd91ff9d20d691025dcb4db946b73c42e471f7b50dda027d4ec79dba9fb142ef12a07d5dcebac5671c8ab608de9afa681281ec2cd
SSDEEP

6144:3zAQnZ9LxFRB0IZGXWuGzBhCeJd7q3WoEuHTwhjoHRdMU8kRrV7fKoiuV/f:DAQPvRB0IZGlGznCk7MHEuzwhjkReU8s

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

jrbi

Decoy

dellukclients.com

trackusppackage.info

xzycedu.com

mk-english.com

dailyromance.club

thegreat.store

mycollegemail.com

roshinimotordrivingschool.com

easonshen.com

herbaluntukkesehatan.com

kickonlines.com

xtrategit.com

antifiatsocial.club

boiyr.info

binodclassicalofficials.com

crescendomg.com

kengriffeyjrnft.com

creativenft.xyz

fusionwaxmelts.com

dgwb7.com

Targets

- Target
  
  377f7b2c2c6adc9cbb464dbce216962a7c7f55ee2ca95a5e89020f4115abe744
- Size
  
  340KB
- MD5
  
  19becff2f656ca71ab841ef21326e577
- SHA1
  
  d8558e5b66f691967699071138b3042ad5560895
- SHA256
  
  377f7b2c2c6adc9cbb464dbce216962a7c7f55ee2ca95a5e89020f4115abe744
- SHA512
  
  e959036d29c2e11945c92517d7505cb9d8a0d774cfffc9ea91797a74378912a0b75edb6afa278ef4ab6a43ea5f1c11b0f4ee708faecde64fa60928bd2ad20ba8
- SSDEEP
  
  6144:rGiNO66MLnlsoebXltYhzAlH9bun+JU6ks2VTD7+ylh1fC0oU:hO6D96tYGliAkdTDK41fjP
Score

10^/10

xloader jrbi discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  rhirzqxzel.exe
- Size
  
  179KB
- MD5
  
  8eba063264c95a7a03ff814a0a52e290
- SHA1
  
  b4f369189f03b9226f5c7deec519f3d32add08a2
- SHA256
  
  77b2a7dfaf2070513e4ba93278e59bc90fb2c357ae6ecb04a4f5a220929d0753
- SHA512
  
  7dfb74454d19157f6659bdafedd179145140a7dd6f8bb74f0b8a4d00530306c9fd8ab72219e1731f0a5291ebeaa25612cb11b5a6b490697b39ad5c9dd1eea2f6
- SSDEEP
  
  3072:FRkMxoi0pXe9X11yHJqkc3xKLYBbIseNfIdQyQ+/tozm:FRcXe11oHJqlEb4R
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4