xloader

General

Target

7c189e20c6be34de44f057bb29b3ce02f20ad84d0584b75864047145f9bdba7c
Size

637KB
Sample

241121-y82zys1phn
MD5

f9e9b02b87c37431208213382b9947df
SHA1

92ae03e052f3ee20e668fb91fd9332f8312fc631
SHA256

7c189e20c6be34de44f057bb29b3ce02f20ad84d0584b75864047145f9bdba7c
SHA512

cf82d7fe6eee785ad15c38be63f0ad2f2ef2b3d4599f562ce6c807ce21825a57301cf28121e81cd32d158d108616592aa1ba7ca13fd79a2bdd1c8849a58cbeff
SSDEEP

12288:9/s54PLIfzPOTKraQLf9DE5G2oLE9g2ltEhfv/fe5UMfrBUeS4zhceVNXDQdg5Z:CRLPm09DE5GTMEhX/faRrTS4dcsNXsdO

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

udew

Decoy

danieleawilliams.com

miladjalilian.com

hzmila.com

elecreator.com

instrep.com

4tongzhi.com

sltreeserv.com

expressrev.com

dataresearchcenter.com

filmblingalley.com

3buagency.com

hxjh888.com

gotmetwistedcomb.com

vihco.com

scg.solutions

drcvkm.com

frostresorts.com

gintech.co.uk

luxury-holding.com

roupasdobras.com

Targets

- Target
  
  4c5ba895d47529032c749f81ae5f8ffba7fab5493a2bd33f699c0d05aabfa080
- Size
  
  1.0MB
- MD5
  
  91706d95a9aafe3c99f742e6d476fd66
- SHA1
  
  2b69023fcd198efe36909ae031726a02966c30a8
- SHA256
  
  4c5ba895d47529032c749f81ae5f8ffba7fab5493a2bd33f699c0d05aabfa080
- SHA512
  
  0f85a0ee382f0dfd02da27e52a0e4431da723aa99df88c8d78b92c0bc104c1282dd19841216bbd5b264df6120ec490e090bd5b7fbdb093a6a6fc153db510f23d
- SSDEEP
  
  12288:F7Dc9F3nC0Py3gAhPEJbjJEKFWxqG1ICxlLokn9z5ab2NJO92dJBfOjpkUhXRxOT:OY9jlLokn9z5dg2L0GUhHl1OMayg
Score

10^/10

xloader udew discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2