xloader

General

Target

463218e0f81e8cc11a979171d140d9eb06ee7ad3726763b9c3d9891e545af68c
Size

325KB
Sample

241121-y681gsxjds
MD5

38e0afd18cfd123bc7f1725232a3aa15
SHA1

db164abb9c64be56e80949271a28c6591a00ea6d
SHA256

463218e0f81e8cc11a979171d140d9eb06ee7ad3726763b9c3d9891e545af68c
SHA512

551ef8b30299bff1c16d6ffe53326b223276375b04c364598aa409c9a361ab3066072211dce2ba732e61371736aa57555eee759e0f95a2ccb6d7482e9162b225
SSDEEP

6144:s8PH4GmMfY+ESZnM5PhV08maBuNw2qM7HVt0PG7AL4DL1Zzkv0Vl1DKizPoJ:sM4aYSZnUox5Nw2nxt0+7/NZzfj2yPoJ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gnui

Decoy

himalayanwanderwoods.com

finvi.guru

iphone13promax.show

rpfcomunicacao.com

inemilia.com

blboutiqueexchange.com

sukiller.com

tzwa.net

noemiklein.com

upscalepklptp.xyz

unboxk.com

greatamericanlandworks.com

bataperu.com

estebanacostapeugeot.com

gombc-a02.com

642541.com

13f465.com

jskswj.com

hibar.xyz

eltool.net

Targets

- Target
  
  PO AMO 8100045923.exe
- Size
  
  365KB
- MD5
  
  0d45b78f86ad505493de7ea7c1bad5fc
- SHA1
  
  b9af7a83744764bbcf20328c4e064c09e280f3a6
- SHA256
  
  f93f0004a34ce6d637eece73e3f6965687dabb941f4562197568ce76e81fff82
- SHA512
  
  8fa87bf1813ceac76b879ac8d2bbea42b8423058419e706da2db63fca31a06d251ce723a3969110d4b674ae8170f2cdf6ad82835244ac5e191e729c0f88105bb
- SSDEEP
  
  6144:1hkS1WpCnrzMkMYIl2izeniK3yOerKkR0P/uiTXP0ZEgnvxdnjMebgN/t8Fv:1hxWpCnrzTvVue3yOKK3NTP0XnvxdndP
Score

10^/10

xloader gnui discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2