xloader

General

Target

f0c8c1357cbd28ced41b65a180915bc9df4e44a60f722dd2c582dc1d00073ed5
Size

753KB
Sample

241121-y5rpta1ndp
MD5

8aed68b85ffbf3b0ce66fc8a331bf8dc
SHA1

2f262f5873924abae534ab03ca4c8bd33f2006e8
SHA256

f0c8c1357cbd28ced41b65a180915bc9df4e44a60f722dd2c582dc1d00073ed5
SHA512

e4b296632a0e2c0def01e26e2e6a650b61ada377764d67dae21266c6b69b8abc6453eaa0759c43ee9554bc48df26d9ca71adb436bd7c253034d1ec9ff38fd48f
SSDEEP

12288:5mPoaTjum1uj5w6my5slBB6QWHKLwubKvhohNnk6GyrHhNNRFkf/CIk25YuCfPOW:ggiK4K9mBB6hQcWNnhGyLhta/nDWXF2W

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

Decoy

nl-cafe.com

votetedjaleta.com

britrobertsrealtor.com

globipark.com

citysucces.com

verisignwebsite-verified.com

riddlepc.com

rosecityclimbing.com

oleandrinextract.com

salmankonstruksi.com

needhamchannel.com

refreshx2z.com

youth66.com

pla-russia.com

halloweenmaskpro.com

exdysis.com

1gcz.com

lookgoodman.com

rlxagva.com

stlcityc.com

Targets

- Target
  
  93e54839118561584c3e736d6b03acfbec1373cfe5b9b9dffdb3d57e96be7d4a
- Size
  
  843KB
- MD5
  
  e8ffcbc409061c90c88be282c1b8b0d0
- SHA1
  
  84ff0763b0464abd121f06599cf3c5ee739fa3f9
- SHA256
  
  93e54839118561584c3e736d6b03acfbec1373cfe5b9b9dffdb3d57e96be7d4a
- SHA512
  
  e3b8c38d8cbfcefa876b5055eb1dce48f261eca1f8ab32d6ac8cb559389ba5700cdef8e5f382b408a1fb1e1c9cfc03ba9fd05d92feef5358a1f2aca1efc2e1b3
- SSDEEP
  
  24576:dw2KSb9kgF16bJtrEMYPzPeglLG6EmdG9tMRdbur:bKykk4AMYPzGV7MRdq
Score

10^/10

xloader n58i discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2