xloader

General

Target

b47c5aaa56adf805663d9854835f7d781f33be5f195f9d3bcde0ae9a76ac9c81
Size

353KB
Sample

241121-y6m31s1pal
MD5

cb40a1fbd21c85eae320e13c2353fc3f
SHA1

72cc89da90c3dfd4ab85c305a45f4315db8d63b0
SHA256

b47c5aaa56adf805663d9854835f7d781f33be5f195f9d3bcde0ae9a76ac9c81
SHA512

429fa930c6eb0d97e49751e60802bbcfc95b044c5cea0a5e455cad7430dcdb783eb943bef5d4ee829bb451dc2e742a8f7dca6912a919887251325c5a155b8eb4
SSDEEP

6144:JqA710UaUi6h5LNNSvaZrr0zeUggBxB9nM8lztYI+Wjlc5/f:JBOUldNjAzLNMzX95/f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mwev

Decoy

9linefarms.com

meadow-spring.com

texascountrycharts.com

chinatowndeliver.com

grindsword.com

thegurusigavebirthto.com

rip-online.com

lm-safe-keepingtoyof6.xyz

plumbtechconsulting.com

jgoerlach.com

inbloomsolutions.com

foxandmew.com

tikomobile.store

waybunch.com

thepatriottutor.com

qask.top

pharmacylinked.com

ishii-miona.com

sugarandrocks.com

anabolenpower.net

Targets

- Target
  
  92206b9fa1251b589ab6d14b4828cafe0ec9d9b44df469602b7d3d1ed16ae0e8.bin
- Size
  
  414KB
- MD5
  
  ff1c94584214d5eef525a0d3ff196a8b
- SHA1
  
  64841f419c3d8bff98b1ada134ecb8d63be07ec4
- SHA256
  
  92206b9fa1251b589ab6d14b4828cafe0ec9d9b44df469602b7d3d1ed16ae0e8
- SHA512
  
  9070de7cca07bde86414050f16a73f51c8573e07dca0e8cbac09c870d6f902890d1282dc6f9b1702feb059ad96938ca05dc466bd2004b2c2f670e60ad32f6daa
- SSDEEP
  
  12288:4BkQ43dOVRB08d5VU2B4oiDv9HlIrgKdjXtmy:4BUdObBpbwDIs
Score

10^/10

xloader mwev discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2