xloader

General

Target

075d3b5ed653c153e9fffcfcfa330cf99aae102c8f032a7a8ff730060e6e5224
Size

321KB
Sample

241121-y7gbvsxjdz
MD5

442142aa7b0aad43abcfd195fb839452
SHA1

6560d5996bf71d4f15fa36217d32f75ea17482bd
SHA256

075d3b5ed653c153e9fffcfcfa330cf99aae102c8f032a7a8ff730060e6e5224
SHA512

8b38c1a4834201177cfa65b2374ef9b581239cfbdf4692929df46799c11b9e7876795c258cb11dc23863aae0ce94a0d4198199e05011f381af7a6f10afe11c14
SSDEEP

6144:lgiloCAX+ihfuRpqe6ZFBuZlt26euqhXlUCU0ChFdlG9kV8Vd1v/IZLlPsK:vguG1ZFBcl8pu2ChjV8Vd1SL9f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yrcy

Decoy

ordermws-brands.com

jkbswj.com

dairatwsl.com

lewismiddleton.com

hevenorfeed.com

kovogueshop.com

cyberitconsultingz.com

besrbee.com

workerscompfl1.com

wayfinderacu.com

smplkindness.com

servicesitcy.com

babyvv.com

fly-crypto.com

chahuima.com

trist-n.tech

minjia56.com

oded.top

mes-dents-blanches.com

nethunsleather.com

Targets

- Target
  
  d8f888158556fe3971ae3904db9268b95c1d7f3ee1991dbd04002e018b65750f
- Size
  
  332KB
- MD5
  
  9572e695a50ea24517e2414010e10b46
- SHA1
  
  ae079d5e44e8b797dd8c29a9f9fd13d9466bc97a
- SHA256
  
  d8f888158556fe3971ae3904db9268b95c1d7f3ee1991dbd04002e018b65750f
- SHA512
  
  ed98a7c1dcbc2fdc8ec0baf5b79586340b4e6552ab2026ddfa0efff3c526862baf81b873a6cf14e054219f629bf7609a42d88845949bfb54e49bd399543a57f8
- SSDEEP
  
  6144:TxD7+ihfubpqe6ZFBwZlt26euWhXlUCU0Ch5dlGBkV8Vd1vBIZLlGs7:4guA1ZFBilIpuKChNV8Vd1MLo+
Score

10^/10

xloader yrcy discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  znompeu.exe
- Size
  
  222KB
- MD5
  
  09bbca18da135482d44b23c70f9d8568
- SHA1
  
  9edfd59b24069657a2cf6eb35cfe5bed6e3d1fe7
- SHA256
  
  0013c266aef2611a034268e74cf293cf443b9246ef569c9acf6fadab59a45341
- SHA512
  
  a743f45e84515ed0965ae25ad1f0ac4a8821899e9292c1b0e6cdea93cb2b7f488a38c2ad8eff668c4170495516145476a232518a4f54ebc1aba557c04b43bf15
- SSDEEP
  
  3072:q2mJamjK63BsvtPN668Okm8Q1vwVgTAHjcRh71JCVnv9YbCvj:qU63BsvtPcBMvhUDcRh7Z
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4