xloader

General

Target

5884328a30514434200bbfe2c5cda30593c14cb16a61ccf56829762c8b677ce7
Size

343KB
Sample

241121-y6lj7a1paj
MD5

d87b9dbe63b3bdb5c923fd7acde2c434
SHA1

3a2055ac3830cd0a192976e931f7615d1ff899c3
SHA256

5884328a30514434200bbfe2c5cda30593c14cb16a61ccf56829762c8b677ce7
SHA512

9936c5515eecfd98f012859b9c302a05e55576aa55163550bfdb5263cc36039d72654223739d5bdfe9bf952888ddddfbe8691f50bdae9a9ab78e29565327e87a
SSDEEP

6144:XmA/87HbiYPVRcj5fMXm60xZOu92xZxI+mgPeUgPalxQoRykciJXAeJR68cz4JVx:O77i2V4iXm60bOu92xZxLgPGxRy6R68X

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bec2

Decoy

ipelard.com

26gjm.xyz

frontiermotorspaintandbody.net

sunslide.club

blue-chipwordtoscan-today.info

stephanieandjoseph.com

city-show.com

chosen-novels.com

unfinitsoluciones.com

eventsidevibe.com

kingsferryshipping.com

cfostco.com

terrafirmanft.com

ultra-dvd-player.com

networkaccesskey.com

masoncable.net

blazed.tel

herbalmedication.xyz

whistlecapital.com

brasbux.com

Targets

- Target
  
  16165e33ccd1feacc75d3bbb5e85bc304c566eaa45719aeca7e3d737f84fc641
- Size
  
  399KB
- MD5
  
  c0acc3b21bf2b1447b6990f85a0612a6
- SHA1
  
  dffac7b811cb9441e1c20ac15233514c4fade396
- SHA256
  
  16165e33ccd1feacc75d3bbb5e85bc304c566eaa45719aeca7e3d737f84fc641
- SHA512
  
  2f1888ef3be9ac8fbc298d5496e15efe299dc129e43f7f4d02bf2988ad920c703d801eb0ad21b546918bd1df0d50aebcbcdb80d360d40a53e855b5244acd4e22
- SSDEEP
  
  6144:ONtGpBRIZbEIZscMEC0iy+ma7dQvk4JrV2wqCDpVOxIbEBRwWY:OrSRliLG0s7qvk4JrNquVOxIoe
Score

10^/10

xloader bec2 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2