xloader

General

Target

e5c31f263b1c09ff9a8d9763489bb4a764e99d27ccf475ef1991e0da9e4629de
Size

659KB
Sample

241121-y8dblaxjg1
MD5

fc0d45374385214851abd79fee79a7fc
SHA1

d73fd53109aaf28b51096ce1a2b90a1663bd74cb
SHA256

e5c31f263b1c09ff9a8d9763489bb4a764e99d27ccf475ef1991e0da9e4629de
SHA512

fd64c43098e89d05407389008e5d69d2d76f0c3acf10b6368ac6a954031d70f6a1bc6f4a9ff91790aa93055c97514bd3396242aecf0092c04af408d1cc34937a
SSDEEP

12288:hRYtOhVkHMm6PT3c3V22ikNnAdwhVKSb/z2MYXTRWZv8HLKJ04USPf:heOhSb6UAkNUQv8H3GPf

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

i9ng

Decoy

guiadesfralde.online

asjcjm.com

peacefmradio.com

pastasteakandpancake.online

imas-millionlive.com

ori-key.com

emissiontestrepair.com

education-mentor.online

axieinfinity-airdrop.club

iphone13pro.photos

grjeht033.store

plainfiles.com

texasinjurytriallawyers.com

votebrenthagenbuch.com

xn--crahome-cya.com

lquzd.com

anwoguoji.com

tacdating.com

shop-mr.com

pandrwatch.store

Targets

- Target
  
  f7c8388b7b9d110dc7f4a72fe5d7477a8dbd0e1731fd04bee8c6c5f7bd26540f
- Size
  
  1.0MB
- MD5
  
  5e65687e6dfe0d3b02757fecea0b130a
- SHA1
  
  27fef89564b277da09f18bbdc9215c65b1ee729e
- SHA256
  
  f7c8388b7b9d110dc7f4a72fe5d7477a8dbd0e1731fd04bee8c6c5f7bd26540f
- SHA512
  
  4388eba08207189a816c5eb2b09776186c48aa02ba1407c4108a6548d29f1562184beca49c6d2de65510af89f831bec23465f189f336d6bbadc3ff5addd194a0
- SSDEEP
  
  12288:DGwxGil6fbZkSIl7ganNp5EjMLFIUSr17nyNcWp1SG/23FGva5nlFhZ/Mv4I8PQf:DlNktkSm7ganNp5S0ps3par7LOvlWp
Score

10^/10

xloader i9ng discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2