xloader

General

Target

b2401ea078603e21a7a086a4ad8ff63cd9671c84d01ad91c38bce23d06a6dd47
Size

109KB
Sample

241121-y4ec4a1naj
MD5

8469bccd507b0214a44b05ab313e4ddd
SHA1

fa41d2ee6bbf1b105d0f580db373355fdceb7068
SHA256

b2401ea078603e21a7a086a4ad8ff63cd9671c84d01ad91c38bce23d06a6dd47
SHA512

ced00db427a7c6c10056446a4cffa6cc98ef7f7e595b9cd1d64cf4f974aea129f293c5f120930f01b1a78df780c2e1270afb3cf784428643586d3372f4a109b0
SSDEEP

3072:9YCAlbh+mKZ9RMvi/5zWr6TIqZs1pIn5qqRIIKCK:oKZ3t/9o0ZGmnaIKCK

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

mej0

Decoy

mtxs8.com

quickskiplondon.com

sltplanner.com

generatedate.com

amsinspections.com

tomrings.com

109friends.com

freelovereading.com

avalapartners.com

nordiqueluxury.com

inmbex.com

everybankatm.com

bo1899.com

ashymeadow.com

pubgm-chickendinner.com

takudolunch.com

carlagremiao.com

actonetheatre.com

wemhealth.com

khasomat.net

Targets

- Target
  
  dump.exe
- Size
  
  160KB
- MD5
  
  ac8e94fe61f6dc8c33785c9a6fd474b8
- SHA1
  
  e3e1dcf21308ac20a1ed5f18a83d34479f7361d9
- SHA256
  
  a828137f26efcaa656d7ff8b220aef97b33e32125eb36d6d62b964a83f13057b
- SHA512
  
  2f9c32ea45ee9b043693648e94d5d354223a54a0cebfc40763b0cfd0960d5e2f10e21d24f101cf5f1eb7005156b70f436f3c5d85d50ebab4e1c4f4ef7826deb6
- SSDEEP
  
  3072:VZBq0c6gQ/qI4rQo4j1PHrFf+baIH7VO5dUdYkVo0z8gT4GNefG:Vm09Wco4hvhfKrBO5dUdYkVo0RsfG
Score

10^/10

xloader mej0 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2