xloader

General

Target

f30ca63b742b25d6edfb3a8f2828b08a0cfbb5d0bec0e956471c26ca9b7647a6
Size

239KB
Sample

241121-y4p5la1nbj
MD5

a98eeb0672c5a6b301a0c685f767d925
SHA1

19bbeb527912def7daf4e49a501e06f49626ebb0
SHA256

f30ca63b742b25d6edfb3a8f2828b08a0cfbb5d0bec0e956471c26ca9b7647a6
SHA512

db36e3ffe7c181b0c41735cba086aa3c93ef3c29741ea05c27fc900dff33970a70d26a2496c0dd64608115ac0ba5a1bf30d73bb58b38b0c73fcaa6e2ad2137dd
SSDEEP

6144:Zsgewupfq6J9wdxy9UIZCQAQyxnDDWGmw/sFIh:ZsgSq6J9wby66CQIxvqw/UIh

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ordv

Decoy

boliden-ab.com

internationalinsurace.com

young-shop.online

accesshaiti.online

kelloggsvideos.com

allanglessurveillance.com

valentina-gil.com

unforgettablekreations.com

freedommontesorri.com

yp890.info

nifaji.com

ocopusa.com

urbanmastic.com

andrialimran.com

scpartnersgroup.com

plumbersguild.enterprises

pepr.xyz

leysy-y-nazareno.com

listodates.com

flw.ink

Targets

- Target
  
  cabb80e60885c678211fa4a1653e92f98d9383ee9c31b2576ec507153585d477
- Size
  
  304KB
- MD5
  
  c9070047ab2475ee0a972aa35e607d6b
- SHA1
  
  c6147247f9f048a4260293c3ffd38504f47a3e7d
- SHA256
  
  cabb80e60885c678211fa4a1653e92f98d9383ee9c31b2576ec507153585d477
- SHA512
  
  fbb9c1f00c4826ee08e04b864a2b84fcef0c1935a258dd229173170cca52d0d364c48cb9de458b89ea1f41811fe42dea3549ce1aa34235648902b7adc1e239cc
- SSDEEP
  
  6144:1xDNXvMZdAkGun7Q4cu7uTpBz0hs9V4SGrPyQaL1S:xXEX9849uTMhA4SC7aLg
Score

10^/10

xloader ordv discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  xbgsaxgvtq.exe
- Size
  
  6KB
- MD5
  
  2ba1a350b5a4deba2dd52d84c03534b4
- SHA1
  
  ba6baa55c68ee4b7979ee3fccc2c54878c705a2f
- SHA256
  
  95ecc7f27ad29fed67b107020ab9291ec6115bd6a375306331de7d98deda578b
- SHA512
  
  5575e7e591f3f3e6dc461f8ef9203decc1c1295f9588b70ae9c2e0c85bf7116b60ea15718cf3875969b261aa2f8e874bc361bb5130b5c7e3bc2aeee2797dca0b
- SSDEEP
  
  96:5PWQ9fzIvSgdlgKV3LcOs6Edfq/VhB9oPOoynKx:RWQ9WsW7VbE1wQPOoyn
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4