xloader

General

Target

792eb6ce7d9e518bd04454435f7dda042fcaaf787db11abf732e7c16517bbee6
Size

573KB
Sample

241121-y8bsrs1pfk
MD5

3405437103731b48cd79dcbaec7d6f3f
SHA1

ce0dbdab1dddffb2b2a5d60f13aa410caaff29f1
SHA256

792eb6ce7d9e518bd04454435f7dda042fcaaf787db11abf732e7c16517bbee6
SHA512

e3100019957808a9792fc6bd155dbaf39b359f199c3287bbcf4d9a6d04fc8ffaf571c3668834c318639ec84ba3304e0ed5273a51ddf0c5b621251ebb35aa8527
SSDEEP

12288:fAAOj18asg8CCqjk5rRJv3PeTMBOaEVh4pGNs1dyDahYdaFbh1Ja5kO3:va183cCvv3rv8Goa1tedAJikg

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahge

Decoy

zlh.biz

suddennnnnnnnnnnn11.xyz

okanliving.com

shopeuphoricapparel.com

hcifo.com

haciendalosangeleslaguna.com

shineshaft.online

monclerjacketsusa.biz

uwuplay.com

psychicdeb.com

adonlet.com

theprogressivehomesteaders.com

ammaninstitute.com

sqpod.com

tropicbaywatergardens.net

yna901.net

3christinez.online

tastemon.com

karansabberwal.com

delegif.xyz

Targets

- Target
  
  48ebad81d92ce98fba777a39a5a78ea05ba60b3d58bd36eac52bd95af71143dd
- Size
  
  872KB
- MD5
  
  fd724406b255a493f330ee2770c4ac9a
- SHA1
  
  860e185a6d5c43181e57d09696d317c511caf3a5
- SHA256
  
  48ebad81d92ce98fba777a39a5a78ea05ba60b3d58bd36eac52bd95af71143dd
- SHA512
  
  6e23dbdbc2f22d77ed811e67a9008eff395fd23d198a585e71dd193cff7cfefd0ad7edfa11de0b5781d0b6cb6dcbacac47ef39547f949dc882d16f81770d1cb3
- SSDEEP
  
  12288:dDFEOEhGkEHIxZEfzfYNM9a462lRbSRiLIsBOgkrBZGR/Qp/vSBR7sXTQiuD/6he:egVOEjqCkov8sBOBlgQRkd4wJ
Score

10^/10

discovery xloader ahge loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2