xloader

General

Target

d6d59093320d04c4cf05c9451186fb00b28a097ecc00a473def3c7ee64be25c2
Size

246KB
Sample

241121-y5c7es1ncp
MD5

b3c4bca28dd6eae77847c85fc78da330
SHA1

b328faaa59420e867e6ae8bd9b2b3718fa428afc
SHA256

d6d59093320d04c4cf05c9451186fb00b28a097ecc00a473def3c7ee64be25c2
SHA512

4ccb72b16ee4b6261900341c186075da56b43fd3f07c106983876c4e540217ed07f0288de707e91b257a836617e68f1552550f18e53d06f845192358f0739401
SSDEEP

6144:nGR8XGPMi4gTjWEUGJ9m6+5N/pD4MzWCeWkxyaF1dO74X:nGR8XGPzTjQGv+bNrYyyOEX

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rgv6

Decoy

goodluck-shop.com

bra866.com

act2design.com

highclear.xyz

luneeatery.com

northeasttexasperio.com

lowresvideo.com

xn--gmqxk523cur2c.com

64382.online

duiqx.icu

successsuitsu.com

monarchscaffolding.com

bodybybetsy.com

bambooquotes.com

maktabeahlesunnat.com

francetempspartage.com

ivcleanse.care

vessel-wave.com

perranormalidad.com

inkhacks.com

Targets

- Target
  
  PO#11112100012.exe
- Size
  
  259KB
- MD5
  
  7c29d861a4278a75167c4b6823441e25
- SHA1
  
  80fa2a19eed6387b5e20b025dc9d3bf062170582
- SHA256
  
  956c96cbe30f2740b410c770bfe2ef855154c129afd48bbf34568ab872eb8988
- SHA512
  
  117fda8fafef9dc7eed8b644d1c13ccadab8b5f451df0639e13b2b6877444ab6bbbe26e24ef3afa269bd946ae581be9bdd5639834866f0da2293d1b393175df7
- SSDEEP
  
  6144:rGiXAwgdaEpnfKqEuENir0EWaIxkGnrmr:j0aERfw2wa04
Score

10^/10

xloader rgv6 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/jdzq.dll
- Size
  
  34KB
- MD5
  
  3cbfaabed5bfdf7ba91b2239ff4f54ae
- SHA1
  
  f135231f2966ef23161b8744cf5c4d321234d1e0
- SHA256
  
  369665e2448df9c8a1dce71ca14a508f4767ee7b4a141a39d662fff5a523a1a3
- SHA512
  
  a4a9bddc5d0c805f15974dc5b975196f9af26fdf8285c6d7ffbdcb22f3529d44863e8616cb33167f0b3a456e07cbd71fae3916b1c0c792317f36b90565e6184d
- SSDEEP
  
  768:F+Fegdn2Nn9Zee2WcRUHx7cLemtcuRAoTGgV:FXggN943WcRywem+uRAoKgV
Score

10^/10

xloader rgv6 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4