xloader

General

Target

87c2a597ddaca65031edb76462391be4212a5d789ab72cf0900e82da19ecf171
Size

213KB
Sample

241121-y6plvaxjay
MD5

bd8dd101e06984152d8c4272e5e33e88
SHA1

8e9297595c825cc1bd74f81dde649ff17666b468
SHA256

87c2a597ddaca65031edb76462391be4212a5d789ab72cf0900e82da19ecf171
SHA512

41da2572a3018e31e910003dd66af91379de5ea6e9b035abd2d35f57ac7972f736d6f8ce51450e8b5280d1e6cab1b9d3c9f89bf8c5f58de002580ff5c4657ff9
SSDEEP

6144:WxllZ+a1W6Ou9s240xViNwFAu81vaqY/9Hju9:WxllZ+a1W6P9s2ViN7h97MHk

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

vc6e

Decoy

123lejeu.com

services-ti.com

iseekwithin.com

linkdbs.com

bibproductions.com

chaybo247.com

bondiblond.com

amandawilsonfamilylawyers.com

kbihualhamdaniyah.com

littletykesonline.com

circleofrepair.com

kingcartermusic.com

axqal2.com

dscfpro.xyz

cooltoysshop.com

enzocatering.com

skertyl.club

precommgateway.com

maddie-blake.com

malvinasargentina.com

Targets

- Target
  
  5aa2c01a644cd991b9cc0056f03a0a5462ea4ce6f241d1ad78f9e0b6e042c183
- Size
  
  222KB
- MD5
  
  0235e629abad14322f70eadc59394bba
- SHA1
  
  6fa7ccf3bf7bd29e61f2a43a6ce453520a0c65bd
- SHA256
  
  5aa2c01a644cd991b9cc0056f03a0a5462ea4ce6f241d1ad78f9e0b6e042c183
- SHA512
  
  dbb1b0bb8bcd0d87bc2d122b4d90e522fe26fc9901ec564e5a03793be220efce812fab868011a8ac67d7e2172fa8bcfbdae59bff6b7f1b1a3b53f3b958b9ed9a
- SSDEEP
  
  6144:qNVs7YrLmcv5r3177kM4QoqmQAMMMiVJyx4c6:qNGYrHtZToRQAGY5c6
Score

10^/10

xloader vc6e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2