xloader

General

Target

c866bebd7ff21337ee973db5078bc7635170f994a7d6c9520a88f8313e4cbd0e
Size

294KB
Sample

241121-y7hvpa1pck
MD5

0d1dfd1fb7aa2f1d6ad7b4bffafd6872
SHA1

52edf260720432f4352cd059289a621c9dbfc7e9
SHA256

c866bebd7ff21337ee973db5078bc7635170f994a7d6c9520a88f8313e4cbd0e
SHA512

8152f87e5f8feb61c14928399dc51270822dc06d264b6b2179e619af883492eb772992c99e69a4da7163be97f01a1f4f292d20df935394f178235903cda74e98
SSDEEP

6144:0BvAB4pns1v3Ui9aacnCOCtqc04GXiFVUFrKalvdhotbaaBv0XyIg+7S:02upns1vB94C9tX0rKaZzCaj7S

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b4t9

Decoy

grannyh.com

spacexevent.online

hukuimaru.com

28685dw.com

butuns.com

tobiasqbrown.com

phrecruiters.com

comparativeliterature.info

cncfpro.com

kmcoti.com

jjcward.xyz

deadpangomtnu.xyz

hbbforyou.com

urbanvelites.com

neatsea.net

reyuzed.com

desenhandomagias.com

ecoecor.com

purusbontanics.com

deltavariant.tech

Targets

- Target
  
  PI 4717_PDF.exe
- Size
  
  306KB
- MD5
  
  c14625cddc83ab7cc4d5bf559bb0b519
- SHA1
  
  75d857ed93cb4c5ba2e2ec6c546e49c1695aac2a
- SHA256
  
  acbc73c81f446276bb0110ac2a5d902d928556adcac4ed41fecff6671c818bfa
- SHA512
  
  faa37131339a22782b4c5023c70d506dc8be0d19f44a1a33380c06670e5d15c93defa94254a2e7a7ca9e62d2693950cde4a3226ebd22b9ed757552618ef7250f
- SSDEEP
  
  6144:rGi1YPNjmC4errA4LgFYRBvtCJ+DJgfRheS6tD4glttwcTTaTvzsErsZNC3azW:JOrrnLgFaBvtCZfRMTLaT76qH
Score

10^/10

xloader b4t9 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/yeorkzn.dll
- Size
  
  134KB
- MD5
  
  de4cd82a7d5710c0920e65426ca69cdc
- SHA1
  
  f6f2644a63dfaca5e87d72f9b5bbabb88ac4b716
- SHA256
  
  7f9b3f353d52281a4c811baf32c963950139aaac91c34dd02da510eb8fcdf330
- SHA512
  
  e4b8941eaaf2d4260fc3ea7aa84196d473b6e6ebff3e253bfe1c899f3f97803d98554abf52af85c84a6278e58f06573726a0f80ede272dd6eb38c8de4bee1bbf
- SSDEEP
  
  1536:riqBVCUCN7r8Aysu0NFwofM5uyBjFwla41chyVbbkyskbdFtKlrVyi95+6Lwca/j:ri/7r8AFNjE0GQchyt5EFIAZN
Score

10^/10

xloader b4t9 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4