xloader

General

Target

55bcf26a637c6331d509550c43cfcf66adcd29146db0f901f12c7639f69fab75
Size

780KB
Sample

241121-y4fk6a1nal
MD5

62bbb998a6516eb7756f9651f7926057
SHA1

6c55a0321b069000de946d77cf36e9915a047567
SHA256

55bcf26a637c6331d509550c43cfcf66adcd29146db0f901f12c7639f69fab75
SHA512

f563c5af3f0bd54658573a9f35bc26f019e633ee237d01e8959e8b5f6dbe65f633b5275644b4edc70be96791ecdf918dc692b2db45a0e17fda54aa6dda423e6a
SSDEEP

12288:lZ8SxrEJgYYz0R2iNmQQoHjSqo9TVYxy0MIZsvIYr8Xa47pIOrgEw7UB4unbRoyw:wSxr9C1oQQ4wjaZsvIC8XDtxw7DGGy1

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rzwo

Decoy

1metroband.com

erobal.com

zzyykx.com

chamallino.com

ehrlichforjustice.com

fzshangmao.net

bulkprices.info

schlafen.xyz

footspan.com

jano5tau.xyz

ukrainianwriters.com

clf010.com

kgvf.email

matura-natural.com

life23.club

yuanxuhuafu.com

autism-101.com

lithiumhexafluorophosphate.net

ducer.info

tender.guru

Targets

- Target
  
  55bcf26a637c6331d509550c43cfcf66adcd29146db0f901f12c7639f69fab75
- Size
  
  780KB
- MD5
  
  62bbb998a6516eb7756f9651f7926057
- SHA1
  
  6c55a0321b069000de946d77cf36e9915a047567
- SHA256
  
  55bcf26a637c6331d509550c43cfcf66adcd29146db0f901f12c7639f69fab75
- SHA512
  
  f563c5af3f0bd54658573a9f35bc26f019e633ee237d01e8959e8b5f6dbe65f633b5275644b4edc70be96791ecdf918dc692b2db45a0e17fda54aa6dda423e6a
- SSDEEP
  
  12288:lZ8SxrEJgYYz0R2iNmQQoHjSqo9TVYxy0MIZsvIYr8Xa47pIOrgEw7UB4unbRoyw:wSxr9C1oQQ4wjaZsvIC8XDtxw7DGGy1
Score

10^/10

xloader rzwo discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2