xloader

General

Target

4ffef6d996e41a7cb43bb1c56e139cf70762bd9b3ff7f5e3fa5f0649d0cd740c
Size

956KB
Sample

241121-y5me4a1ndl
MD5

33c27324fb108b790c24bbc8ae21e711
SHA1

29fa2c3f26b41e2571554d7b2c00080646a7c0b8
SHA256

4ffef6d996e41a7cb43bb1c56e139cf70762bd9b3ff7f5e3fa5f0649d0cd740c
SHA512

498487327bd2a1f530b0792914c4abd98fa84fef9cce420c1b398d185f86c085d48471a1875ae3d34df1cc8ea668526b602349a6714a92301e4f0a3add9333ba
SSDEEP

24576:MsSlCDiuJYIe4Cgk5klwnbN79I9XylsyuJ+H/:piuJFfCgwnb5WCW38H/

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

qbkr

Decoy

myestiebesties.com

woodwormapothecary.com

titleholdingsllc.com

corpcepa.com

kudjujuudz.xyz

palaciomonsalud.com

jombida.com

appcast-72.com

1ane337.com

azdrainwork.com

cicinstalaciones.com

absolutenuisance.com

hovereb.com

asiapartnerspoint.com

infinite-waves.com

shafara.com

champpoint.com

luxuryhomesandwellness.com

youugou.com

templetongreenfinch.net

Targets

- Target
  
  6d2e62731127aba56d1cf091bdc923b8c0dfb6594fdbfbda160548fea9f64dfc
- Size
  
  990KB
- MD5
  
  f6fb2f464d46e2f9a458e7bad7623c1e
- SHA1
  
  e53c7b7c302125f21b57ec935eba418b171a524a
- SHA256
  
  6d2e62731127aba56d1cf091bdc923b8c0dfb6594fdbfbda160548fea9f64dfc
- SHA512
  
  cd83198844109650a32bb92adc476a37e8f9c250eef3b484624ce6db52513460fa75539003bf0a9c2d3db932331aa3dca56d99b19d752e37f428a2492fb247cb
- SSDEEP
  
  24576:b9Ql9Zo4ir7ntRjygTPTstY2ukMUw+aERZjLsKXL9Cd2dnS:b9OZo4wlTTsNMUz3V74OS
Score

10^/10

xloader qbkr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2