xloader

General

Target

1fc611223cc9d18661198b3b141ad524b820288c498711e51a9c2c026d818d27
Size

186KB
Sample

241121-y5ys5a1ner
MD5

c9771499bbf2f3d520444e54b291b529
SHA1

bdf15ec1217fc1b0318743f1d88a7f1e46d70c49
SHA256

1fc611223cc9d18661198b3b141ad524b820288c498711e51a9c2c026d818d27
SHA512

6513c196528b4e91c36a98d0e14a5dc714b629b99ddccbfe781977c1687a2edf2cdc8369c9c43591353df9aadbb7fe8760e519714ab1504f7e9695904084aad6
SSDEEP

3072:5qtJigoZLphkPkk6vNl4kf6fRnR4bIBC5rVvkNAciHswEz6zVw4rGOpKq/2Z6jtq:aSZekkzQ6AMBCaAciHDLzLGO4UTA

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

iaop

Decoy

fullcontrolsystems.com

shoptherevelle.com

strongpod.school

carthechconstruction.com

zaniherballife.com

pioneerlynn.com

37house.net

tuckahoeplantationlivestock.com

13053776999.com

aax1688.com

colonialservices.net

durango.xyz

bfncdn.com

gabrielgarnica.net

stilemilano.com

triportinc.com

shilparajan.com

singlebuck.com

learn2pmp.com

stgwxq.com

Targets

- Target
  
  New Order.bin
- Size
  
  200KB
- MD5
  
  9b4f723dbb86d64168d8347abc60f232
- SHA1
  
  6bb06b4992e8212ad8eb82ef6dbe96039508680a
- SHA256
  
  688ac6f12f6c5e6342e8a357aa09f94a35000967c391c17d7264fca65098600a
- SHA512
  
  5330fbbe2312a6bfa050907cc1b67f00aefdf32cfb671c956fdea6411ac6623fa9352472d942c3f3eb9dddc3908ac4024908b0276e15df773835cc9828a769e2
- SSDEEP
  
  6144:QBlL/3Ym6NjZ1ZIRwHugFHe/HUiqcVMvTX:iVp6TfbOgF+ZDML
Score

10^/10

xloader iaop discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4