xloader

General

Target

b249ae01115f9dd1e29855b35215d33b516bda11f4c32270478ba0cd7392fef5
Size

863KB
Sample

241121-y73j4a1pem
MD5

38f4d6c065ba017fa6ceec2701d91422
SHA1

91674408fa7bf844291ba9db7f11ceea88034f86
SHA256

b249ae01115f9dd1e29855b35215d33b516bda11f4c32270478ba0cd7392fef5
SHA512

3a012eaeeb7915a49bb764380c3c8f496b4236c1df86abefe3f86bcd7bddee1932e925217bd7f7f06843f824c8e1b25c36de71afcb650dffe9b92a684952cb4c
SSDEEP

24576:suGJGk3bxxU0oIb7Kk/UAd9gAM0Y/ocmf:lKlLnUZk7ftmB0YDg

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

q44r

Decoy

mauricenorthmore.com

9nahvj2e-666.com

vkfrr.com

lowendtherapy.com

breizh-charente-maritime.com

academydocprep.com

scampifoods.com

afamnite.com

southeasternsteakcompany.com

rokos-capital.net

gofargo-together.com

zbytlt.com

rline-official.com

ibusier.net

protectedmaintenance.com

proxrem.com

microsemiportal.com

fpvvoleibolmenores.com

creativegrowthllc.com

godslineaccelerated.com

Targets

- Target
  
  0dd0a3dfcbf4b14b487264645dae24d1b9fa04d2c906ca1767c93b49ad2cb984
- Size
  
  1.5MB
- MD5
  
  b7a26e637aa3bd7fba1c3e95531f6cdc
- SHA1
  
  dfe13564e422386ec2fcef7ad4ecf3903b581fb7
- SHA256
  
  0dd0a3dfcbf4b14b487264645dae24d1b9fa04d2c906ca1767c93b49ad2cb984
- SHA512
  
  99dbd6b31d94d6dc6df31e3f3f7ceb8b344b662a1add4db03c99a68ecb89a55fb0178e9270e1ece88675a87113369e792cea46e6fc722d4b17c67c9b4a062ddf
- SSDEEP
  
  49152:z8W5UWOfuGqMhPwo9F7A/BB8LRBFrXWqKzKzgNR5u:zD57OfuGqMhPwofA/BB8LRBF7fOR
Score

10^/10

xloader q44r discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2