xloader

General

Target

dc6d13b3d047296e6fa8f6f27b557603610dedc14d34468dfc3e1c9a4d2a1784
Size

860KB
Sample

241121-y88shaxkbt
MD5

fe89e00d767977b681109c0a8f63db32
SHA1

c93f75fa9678b83e2901acfbcfa7ba73bc0c091f
SHA256

dc6d13b3d047296e6fa8f6f27b557603610dedc14d34468dfc3e1c9a4d2a1784
SHA512

05a344dd8a4569ff7cde2608faa7eb6984aa65da03ede5a8043748aa07b0b9744195b658d4260bc8390319b2fca2863558cd6845afc8ce71a0e56eb842a216fe
SSDEEP

24576:yr40uRu/pxZY9MAtbv6CVysR0ufQ/3vHwrPY4v:v0iu/BY9pbvZ8sqN/3vQ0+

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m7gs

Decoy

goodxxxhigh.com

blun33.com

mcbt328.com

sxtdba.com

sagalocal.icu

spentonindustries.com

greatexpectationssouthshore.com

herzenco.com

duoxizhe.com

h-mawari.net

jeevicain.com

sculpted-vegan.net

vipchainwallet.com

smartanalytics.info

jiujirat.com

canhoquan8-centralpremium.com

pasarandir.com

mario17331.com

dillonsavage.com

ladiesboxx.com

Targets

- Target
  
  6ce6f6c16310e90a3d624750f1d7146aa4d2e8baa04d409133869199d4a5d23a
- Size
  
  1.5MB
- MD5
  
  190bbbb3ef3a08fc73a9d397f87de2ec
- SHA1
  
  c81ffe08d0c6b7859d5c668fc8a756c8acb0b451
- SHA256
  
  6ce6f6c16310e90a3d624750f1d7146aa4d2e8baa04d409133869199d4a5d23a
- SHA512
  
  c379b287d4464bd1de5573500733429ea2cb40c45a67a56d90124660961199a4aa00f74dbdf45cab02ca67ce778787ad7b9fe993d59501c5dc869610a82a2f33
- SSDEEP
  
  12288:v+q3bFCO9bHBa3AWZavABd0YItKOxZsSbWQdOm//8xLrQ6H+Uy1Susr8MmH3j5:R19bHBiHj6cOxvbWQd9/EFMZZS5R0
Score

10^/10

xloader m7gs discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2