xloader

Sharing

Copy URL

Twitter E-mail

General

Target

d9fe9d908100ab182772f847c7b857f793d38ef5d1e715b9013f8b31414eceba
Size

701KB
Sample

241121-y6gagaxjas
MD5

a026fd52f69f1a46e1140dbec7844675
SHA1

127be53bcd2fc692142455cb4936ed649e7b3e20
SHA256

d9fe9d908100ab182772f847c7b857f793d38ef5d1e715b9013f8b31414eceba
SHA512

1eef4b1338c694b1652eb9788064bf7ecc39f64aae9fdd2d9614c429f0b7c7dc7b86e4524bb11545398c2cfe4e128d51b7a8565161426e4c327437963d142ddf
SSDEEP

12288:ylSC/h7LjEYtlLuFssXkaXDpOyhSYEN0krL6Xv+FS9YD4eOvV0zZIt:u/hjv7SFFjXDYykH3hD4eOyZk

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s9nb

Decoy

shaktiactive.com

kootenaycountryinn.com

lombokrinjaniproperti.com

mindbodyweightlossmethod.com

memoryrevisited.com

irina-o.online

vampirillos.com

tacoprime.com

htyrdetry5t6uyiuhy.com

azarianann.xyz

areshaawraqenab.com

hollandpokerzone.com

oaktreemarketers.com

fuckedminds.com

cosmicarcana.com

ec3.digital

gothamstoneworks.com

sacvowednexus.com

transoreia.com

sgbicyclemall.com

Targets

- Target
  
  Drawing.jpg
- Size
  
  659KB
- MD5
  
  dbccfac98a87f688ab798921d7cb9524
- SHA1
  
  43a73100212a251590045f14c74b14544362ecb6
- SHA256
  
  d1b0a3c99d853a482c44e0d10cc3507983e1c4e0c862a5c72f24d2044280c1e0
- SHA512
  
  a0652b07d445e918c07e40383044fb2ca61a75f4c7aca965b36beffe0987fa371cdffe6a2ffb841b8a86073c5edc68c96ab18a394bb0a8b3e89fa79b30ae61ff
- SSDEEP
  
  6144:2NeZhGRARDdq3EtPMBMqSsU30PI3FG7gXGhl5Ti2ztyUGTSPiTrufZ5wES06cgG2:2N4uoNtTVPXiDiyn4BufL9PNgdOut
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  kwwsdijia.exe
- Size
  
  4KB
- MD5
  
  0b70cb345538f08f82d8f9fc2aad7830
- SHA1
  
  44a374fe05691165214657f1269d9d01d84fcf6e
- SHA256
  
  93eff5a1cdcd83a8ad32e4f3122f31baf07fae3502d1765edf467b76fce07288
- SHA512
  
  27c20b4e4fbc5923a1e8e4a079de46d42d37e7d266d72181bde79db07f177005ebd1caae2de651b077a92f1a5a387d5e60b6663ae7f0550d2dad332e566cfdbc
- SSDEEP
  
  48:vpg047V3NHxdXTznIy+deKI6ve6vDliv/zdS/j4rt3Zfmq8MT+/VYmR:BGV37pQHdeK2/zdNrlZ+vMkVR
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Spare part list.jpg
- Size
  
  426KB
- MD5
  
  cac35edc87d1cdaf5ecdd34900045ccb
- SHA1
  
  1323d657bd67d03faefd521b785e0c04b48bee16
- SHA256
  
  efc607830d8ab120ce4a9fb8062b9986980430b0cc82115d9cb8aa6f4dac29ad
- SHA512
  
  8b7db67d5738da10209e59ae50ce79f39d69ad3438c4dc35110534f073a011048e2e3c21e531e1691041680bd3809297b648075950c1c6348e26dc52e85a6f8f
- SSDEEP
  
  6144:YNeZCHXOWlDX1LvW0PJ1qNmN/Nio+BmTku6tMJNiZt7MZ2kY0a0wi++sAWv/kfmE:YN/XO8M0Xq0N/8XBpMniZxi2kY0yFwvN
Score

10^/10

xloader s9nb discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  rkkzui.exe
- Size
  
  4KB
- MD5
  
  5504a85ec9912968d5730c57ee61c10b
- SHA1
  
  93a21109de21536b28dc51183c26c65d174fbb4a
- SHA256
  
  9ac40b495a05fd8d5b2f4dd668d8e0aa5932dd7171aa070e1ad6cb0a96cd6ee4
- SHA512
  
  e9dffb4a48237d4621f8d379f491dbee1879d4f6bd834d892d4cc22f30a92b2103e5bb231b0293f8b5f8848f2a050a2f295cfc8ad5c9392418519a00a1576e14
- SSDEEP
  
  48:vpg+4SV3NH8XTznyy+deKI6ve6vDliv/zdS/j4rt3Zfmq8MT+/VYmRSSnM:BlV3Y6HdeK2/zdNrlZ+vMkVRSSM
Score

3^/10

discovery
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8