xloader

General

Target

2202d6f7644a964e766a1977279da2ad9825b12032c9a1b53ed0349dc8bec82e
Size

652KB
Sample

241121-y64qrs1pbl
MD5

02c3039dc410fe1dcf5be59a7d4e063c
SHA1

7d1586737b95bb8258edfcd9c9786acd6b79eb14
SHA256

2202d6f7644a964e766a1977279da2ad9825b12032c9a1b53ed0349dc8bec82e
SHA512

916c31fce4769413d3624666d6eb768c075d5da79170f76e8f3180a3c68408c5a43672aabc9c9b37c9eed68567d84b14620cd0a18c093bca7d7394d6f11741d7
SSDEEP

12288:rBaIhzIOi9QGJnGFQJhfJCRYycOVNfTGvEd/WDyjncMyKghQvI6q4eM61:wINIOuQkGWJhRCRNcYNa2WUyHhAIqty

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uabu

Decoy

khedutbajar.com

vehicleporn.com

misanthropedia.com

partum.life

tenshinstore.com

51tayi.com

rgr.one

lattakia-imbiss.com

escalerasdemetal.com

nationalurc.info

prettygalglam.com

globalperfumery.com

ivulam.xyz

qingniang.club

quick2ulube.com

curiget.xyz

ujeiakosdka.com

lacapitalcaferestaurant.com

agarkovsport.online

okashidonya.com

Targets

- Target
  
  ATI-Export quotation N° 34715383 pdf.exe
- Size
  
  1.1MB
- MD5
  
  e74bcdece9272b7fb4e58352e373346d
- SHA1
  
  641a895c5b4effed05dd7e5e266376caca5e8be2
- SHA256
  
  7e2ec60952ce4d8fee2442f5705afb8405d94cef6b194f6013a262de5247635a
- SHA512
  
  154f38f0d78ade046c03bbff893e30c68bdcf703e20a21bf867e5165b4278b0010f8585622cdc1358f73ff8245d1d2a34322d13855dbd17fd97eb1cdd9677ade
- SSDEEP
  
  24576:6o44GE0BvNbkLOSiyRRRRR6gvqITpT0j4yirCFzfo:vLCwRRRRR6Vy10j4y1Zf
Score

10^/10

discovery xloader uabu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2