xloader

General

Target

55f69e37566744971c9c95d0b4dbf05757900786e29788f25a8c0824e7c1e8cf
Size

232KB
Sample

241121-y52j1s1nfp
MD5

f5ee233e004e5a9fa773bc8022d4b381
SHA1

b138aebf665ff6ba5105d037e4b5639a2863ef3d
SHA256

55f69e37566744971c9c95d0b4dbf05757900786e29788f25a8c0824e7c1e8cf
SHA512

ae37e115c6e8f3fc25cb42ed58a3b67eb96d579c4ddab2e675d1afd1950724b4ff346e20b66206021b2515c8b3a82c619e0b6a1bbf9b93d99cf8fbea3515c14f
SSDEEP

6144:M3RLZ/5MaJMdWCMLIHniJiePh+HX0Abitu1aUm:YLZxMaJlPLICJiePC/bitkal

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b62n

Decoy

childzplanet.com

nine8culture.com

yourfoodmenu.com

nxhxyzjy.com

nobelies.com

baetsupreme.net

indiadiscountedfares.com

iconnect-design.com

durston.store

sweetcreationsbyjp.com

ktieman.com

getvirtualaddress.com

cryptopoly-figures.com

minismi2.com

ricemoment.com

regionalhomescommercial.com

onelike.biz

d22.group

kwissleapp.com

cindyrandband.com

Targets

- Target
  
  PO202104-114 - APQ Comercial Apoquindo,pdf.exe
- Size
  
  423KB
- MD5
  
  80309b6c7c611963a2ef5578fddd687f
- SHA1
  
  701a364e7178949f69ef5d4592967d2c7a3a42e8
- SHA256
  
  f649fe26abc9b4c57926fb6a9e68d5064cb55930d0ed5a97c3b30d2a6b8e3fd3
- SHA512
  
  55e8c459b022559e181e18537b4690a8216f7782e6ac1f9fa2d342216baa145fba6ce03d6c18ddcb83da4666c2910034596d4bae40de86bb6fed3bc017ba4a00
- SSDEEP
  
  3072:4Dt0B56C+ME51H01tvNYQUj4XGKf1ZFZllkY7RBtm0tnoOsMVZI3zMrio/ihPEFp:450LW4/PhkNiozKwumk4ce12D2WGJ/
Score

10^/10

xloader b62n discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2