xloader

General

Target

3c73032f12ce0452d865caa33034993e71aa2e42201b6992ecd1e19b97c938b0
Size

713KB
Sample

241121-y55lns1ngj
MD5

aeaed7c40029d2ac41cb1f817d911df3
SHA1

0953612a8ae13c0b3e8cbfc9cbd2a86900efa803
SHA256

3c73032f12ce0452d865caa33034993e71aa2e42201b6992ecd1e19b97c938b0
SHA512

89a66e25b9057e7d66ea9cc4a249523185b30cf13aa7f7bda0f332c929872726bcbea3153ef05a953ba331f4b4720478326294bb0ab99b7545239553da029247
SSDEEP

12288:b8MC9Eg6y+zxKpOs81RqdKeKVA6tlgt+0Mu8H18p0D4H5FNbeQOWOt:D0Eg6ylEs8GAA6tGhQH1w0cZHbmt

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gire

Decoy

chicagocbdtinctures.com

ambedkarvision.com

abrosnm3.com

whitrhatjr.com

teachmevirtually.com

slightedgeadvertisement.com

16fortherstatka.com

ankerjunge.com

woodslabkl.com

xn--grupodoaarepa-okb.com

hiraodai-kiroukai.com

lessixsoeurs.com

meetmycopartner.com

b-equip.com

bestwisdomteethdoc.net

uaspics.com

therutlanddentalgroup.com

gybhn.com

shaffershotsphotography.com

e13bythehive.com

Targets

- Target
  
  PO#500128171.pdf.exe
- Size
  
  957KB
- MD5
  
  81f8d0aa5bea6f02e0e3a9db5d88e6f0
- SHA1
  
  f36ca5bd3305f8ea84027b4bb296bf7d31fe3bc8
- SHA256
  
  55db60686c041795bbf307bf11f568774c483764987870c35fa09a7a34ec3333
- SHA512
  
  f04b3385e14bb1565892d4c8bf64ecd884c37a51adf0e516820e4dc782939762905e37a6e8387fca818076861713da398a45d5b5414b0e34a84042872d19356e
- SSDEEP
  
  24576:qr+MOQW87bhQxtVUyonohbwkkUVkKxelbsLRQgYz:a+rQQxtVUyDphxB9+
Score

10^/10

xloader gire discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2