xloader

General

Target

6bd51bb621f1889f83f3a1d11b329d4b44a3d78500c3c1ec41c267c62bdb31b5
Size

1.0MB
Sample

241121-y61zwa1pbj
MD5

2b60a0b65ae3f0509797cd21493f95f3
SHA1

cf9fb0c4ba85a85bc1e80e1e1f03fbb87aab78b2
SHA256

6bd51bb621f1889f83f3a1d11b329d4b44a3d78500c3c1ec41c267c62bdb31b5
SHA512

76e364a90e183a42e737a0d52d241af65cf916fd896688c8525ddad214f8ce68d989a523901de317d19a2fb54cd84c7c01de13024847b28491b67b4e95efb881
SSDEEP

24576:STJPRpz1MQFiqmLTmkmL1n1CmZ5l9BAvqiqoluFum3KBDHo:ShfJMZqmHmkmBn3Dl9BA5VQQ9K

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

te4s

Decoy

atlantahousingsolutions.com

loharukaurbanvistas.com

30northcoffee.com

978611.com

aflawlesshealth.com

cannabisreef.store

natureswrathbeatsapperal.com

a6moto.com

1kingbet.com

cabinetfuid.com

0le2rwczg.com

horkinator.online

financecost.net

mailers411.com

arkdecs.com

moretraffic.online

inthekitchenshakinandbakin.com

998451.com

bonuschoices.com

astraherb.com

Targets

- Target
  
  2df4db23209402b9d083df517cdc797b19e66342875bc8de4988f86bea9f094b
- Size
  
  1.1MB
- MD5
  
  f8fe00034e28601cb4b2c7895e3f7d9e
- SHA1
  
  c3494176756cb90f6036478a54de07a73a8359a4
- SHA256
  
  2df4db23209402b9d083df517cdc797b19e66342875bc8de4988f86bea9f094b
- SHA512
  
  5c4a1ffb8da40045c12a3758c8e50fcd472627eb0209c6d61fed494f61aa5bd1a348657ca2594af741852e65929a00ff36e73904faf20a1608fef8d74dd75a23
- SSDEEP
  
  24576:dVSRwf9Kutco0FkgKQWR3+TgMZAb4mhMkGG:dVSOVKutyFkgKQWR3+Tg//GG
Score

10^/10

xloader te4s discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2