xloader

General

Target

92e912eef01398aa703be3ab3f7efc2945e8e59eeaaf0e0e0c9d4191aff5eb83
Size

958KB
Sample

241121-y6c8ta1nhj
MD5

04cb5721edaa8565972f2ab048ca7de2
SHA1

8896a41d26b1a9f553720e6cb64393e0cd73d953
SHA256

92e912eef01398aa703be3ab3f7efc2945e8e59eeaaf0e0e0c9d4191aff5eb83
SHA512

f9691d197196dcfc665c2a70e6a558ea1fa1df110cdd7d61c90d4a01c1af88d76593e3dc746674ff8f6ebc2ffe5431d635c636f78daabecdb5840c0b3c4d0ba0
SSDEEP

24576:94XK7SiVM40sg9LiRsXPWv8L4tpvU6h5R1hOFBwmlq:gK7dp0DuRsXOv5tpvU05R1kFBI

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

tumb

Decoy

securitybusinpuff.com

0er3xl.com

christinagriffithlaw.com

yadeck.com

ifne2021.com

companyintl.com

abioduncleaningservices.com

jadeshelf.com

professionalsupply.asia

hnmybella.com

socalpvrepair.com

storeangelbaby.com

rwnw.store

teenypix.com

ncgf34.xyz

vear.club

cursopslucas.com

bmsr.asia

growingyourlist.com

viviesse.com

Targets

- Target
  
  6759456d7f086df7fa61b742cd77155e04f10fa55570303dfd702b996505418d
- Size
  
  1.0MB
- MD5
  
  89e4639540ba8d5ca09f670c3fa03abe
- SHA1
  
  e2d5ca1ff774c27772de84fd00ac22a070df0a2b
- SHA256
  
  6759456d7f086df7fa61b742cd77155e04f10fa55570303dfd702b996505418d
- SHA512
  
  dde99cfa9d411061a597ebbb4ae306644c39ff1acd09f1e6e525c13e4108f34f9060336fd476e7d0ece3a6bba4d00e18fa3a0a3b245163933f6b722c6e050ac9
- SSDEEP
  
  24576:gKZnnYMDx5YtLoooCqumfr6o6xQlBC1kex6eC:gKZnnbDxeZzmfr6pQ3E6e
Score

10^/10

xloader tumb discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2