xloader

General

Target

3ff80b285092209abdbf24c2cba2edd443aacc91ad293d83cb63b12a9bf851d7
Size

358KB
Sample

241121-y7pm8sxjex
MD5

c28e724a6cda8952026d6f5fe58cbca0
SHA1

c71162284eccbbd7ad89ad5dc09e76417da64a37
SHA256

3ff80b285092209abdbf24c2cba2edd443aacc91ad293d83cb63b12a9bf851d7
SHA512

68b39585ec5ae502e32b09601754aa4d640d41906b4c3f4d528431818661866886d0420affbab4e67c59d89cf944800fcb9f320056b32e8b93749a231a48c17b
SSDEEP

6144:80d7Y8RQChjUQ7gmxav0nNLg2AGYvHSMe2UQnRQizKhItflIMGQrGN1KB3IR/+x/:8L8JhjUSgmxDNLg2A3HDe2UQnRSh49Ga

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

snec

Decoy

sacramentoscoop.com

auroraeqp.com

ontactfactory.com

abenakigroup.com

xander-tech.com

cocaineislegal.com

carbondouze.com

louisvilleestatelawyer.com

sundaytejero.quest

arti-faqs.com

thisandthat.store

biodyne-el-salvador.com

18504seheritageoakslane.com

mfialias.xyz

whitestoneclo.com

6288117.com

oficiosuy.com

autogift.xyz

wallbabyshell.com

chaletlabaie.com

Targets

- Target
  
  Order 1429.exe
- Size
  
  414KB
- MD5
  
  b81fd6b263fc1617a21290a475e292e1
- SHA1
  
  789e25a0b2322b0e9721007786ec41316586a827
- SHA256
  
  720f9b3a1b8c9d8ea1eb23845f3fa508a9f5d06da878360ffd8ec608869c3398
- SHA512
  
  2131135ae25dd47153e39b6cd924737ad0e41f12dc40569c982660072635613f72e503420018c1a2649c37cff9dac35c1f249a243e5c6cdadc926160c440927d
- SSDEEP
  
  12288:CYSJoG/boVsdR0bmEKTteFgjeVwDnB6li:T21/0CYbmEKZfjhD
Score

10^/10

xloader snec discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2