xloader

General

Target

6939067aeb78ad7215e66b0b3f1e73808096bb24bfbca930609965b86c6ad3ca
Size

232KB
Sample

241121-y5vfps1nek
MD5

209ca3edcb216241eaa49110e7a420fc
SHA1

8d47c7168c9258cb89442504322d6550ef0d2065
SHA256

6939067aeb78ad7215e66b0b3f1e73808096bb24bfbca930609965b86c6ad3ca
SHA512

20746fc85966afc44e24e99bf214af3b539b66a324e6530360dc1719a242fee9a988cbd51e23fa010efaff15c3b7d48597671934681c211014e561066fa4c549
SSDEEP

6144:8vL4FEBiCfD1BA7QBz0Z8hLxu3dCyLHIdc:yLtYCf47NGhLxPyh

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

s4h4

Decoy

v65mwh.com

ofertasempresariais.com

apoteklowamedika.com

shopblvdhair.com

jtcameraftp.com

vimlark.com

wamodo.com

mistersvisuals.com

copterapps.com

jamesebraxton.com

darmarcasepatentes.com

texasroofrepairpros.com

okaycollective.net

rughouzz.com

dgzhileng.com

markstipsandtoes.com

globalgrowlights.com

thehustleandco.com

fdgrenewables.com

sweetsells.com

Targets

- Target
  
  factura y factura de la v_a a_rea.bin
- Size
  
  263KB
- MD5
  
  8fc1c5f9214f753eda98e00acc7250d1
- SHA1
  
  6b1e3b3869227c48aaa4eed2b33505e934f6e890
- SHA256
  
  006ce9ab63f0b937fb3966829cbdd801d67c5b0f2b17db3d2f176eee508128ee
- SHA512
  
  9ed9a86f5c3b6af00643182fb902ceb523c5d9f20f370efa8f408c5fe114eddaf1f85c79334a8482a65ee9f55ef5d9829cb21935476fa70c60671b575725a64c
- SSDEEP
  
  6144:LTqjFeDgN8/bznxiHSRktaCMC4+Bk/R2lqfDELL:/ZgY/XKx4MVljH
Score

10^/10

xloader s4h4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4