xloader

General

Target

136985f3f221620819fd04eda2a931f34e9e6a66ed8d63495c6f76155edd9b75
Size

236KB
Sample

241121-y5nyxswrfz
MD5

9bb52eb730593a0c43585d8049166f57
SHA1

6d6f8b3c207f29fe18ec37a72c3cf9a6b99f5357
SHA256

136985f3f221620819fd04eda2a931f34e9e6a66ed8d63495c6f76155edd9b75
SHA512

b9a7590643228834acbf581d44cc7f9688dd4ac36869e1af5c59782ca9279b42e572f70ccf5bba2e580473e7054064c103ad29ccb5d822fe3f997d15fa6e7d45
SSDEEP

6144:SLbRgOOIlXvhM0yP2cWLzz3ldvhYK85fnDv7eCorI2B/yX4E:SpgOl1vhM0g2cWjVthYK+v2B/yXn

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

r0ku

Decoy

profit-fx.com

anyclosings.com

genomepowered.com

it-brainpool.com

industriaselreynino.com

theballaratshop.com

niseysway.com

carpesntertechnology.com

newbalancegirls.xyz

stylishwearz.com

duiqn.icu

amaltheaklinikken.com

romecovidsummit.net

jsyysn.com

uctwifi.net

girlshustle.com

xn--vp-xka.com

mypatinacare.com

immobilienmaklerinspanien.info

worldqkqk.xyz

Targets

- Target
  
  97ea9eb9abdc300ce758c07ef0a31854be8342969bcacfc458e642540b63d63a
- Size
  
  251KB
- MD5
  
  97206e8b31ee16ef3d47eab75ba0c9d5
- SHA1
  
  c152b70ac2a5a2fbdd38439eeab9b432339dc381
- SHA256
  
  97ea9eb9abdc300ce758c07ef0a31854be8342969bcacfc458e642540b63d63a
- SHA512
  
  66b88c23d5168341299f0758bb06763f09d1ede5d8fe6cb7f397676f681fe5e233a87815cf5eef2bba3b6c6eaf4f5cb066bec1675b34f97745932a6fa31227af
- SSDEEP
  
  3072:B1NjcVVnLpPunbR73LSVVcFeqcL+ztw9jtAXFUOpJ4BEeT6d9Eh7Q7Ql6stCEuhX:bNeZmxNtcLkw01FuBFW9i7sQ8uTxPoRz
Score

10^/10

xloader r0ku discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  glmvoahjy.exe
- Size
  
  4KB
- MD5
  
  dea5c229f2b9623e29d3236d26da3551
- SHA1
  
  782235d5f7991fef92f72ad3aa045fc1105708f3
- SHA256
  
  c8dce5a38599e3e4929af394c86710593dd84388e18ee9f512800685c909d2d8
- SHA512
  
  4a3aaa23d5ea3801ae64ae71d7e3824a8e3f817d61c617619c31a3842ec30668c1d0e1729fe519315285132664ced11a558a30e1e06e48c457840eb9a9573e94
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4