xloader

General

Target

4e83c1441f252782103187e9bbbbfd734b5a84474b48164d02f1fdd7260ab45f
Size

663KB
Sample

241121-y8ejnaxjhv
MD5

19b547c7e1a368ec0e092d3285f7e9cb
SHA1

d47cb209eecd77030856abe1d25e207ec13510d9
SHA256

4e83c1441f252782103187e9bbbbfd734b5a84474b48164d02f1fdd7260ab45f
SHA512

0f8597a883fde70c22a82e8c4d19844d505d6eca11bde150b09a1e952b036c5f6eebd70d6788c699ecdebdd6354b7ea38782f026868f00f63c89266ecc38b290
SSDEEP

12288:0V8YgdM7w0lYbbAvLvjarcblTOPUo1mtAoo4TACT:0CYgdME0e3q+2OPUZtAM

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

qize

Decoy

mamyscare.com

fasttogrowbusiness.com

smtrbrnd.com

nifties.ink

armorbit.net

self-mastery.academy

race-event.info

tomreagan.com

buybitcoin20.com

legittradersfx.com

masonpaintingandcontracting.com

puregarment.com

m33933.com

360metaverse.biz

altsiona.com

egdevils.online

waygao.com

ikmbc-b01.com

share138.com

1sa.online

Targets

- Target
  
  0aaa73b1b2b951f7a10dc7a4c8e77b2f659ca543f6b650894f92976342bad792
- Size
  
  851KB
- MD5
  
  49bcec7debb3c44746deae7f46e81a53
- SHA1
  
  f9b97e9f1de7fb216236f11f376bb27d722290fd
- SHA256
  
  0aaa73b1b2b951f7a10dc7a4c8e77b2f659ca543f6b650894f92976342bad792
- SHA512
  
  307bff05d4b863e8f8d32730571cf8e6819f254665eb695b9f22aaba1d8656bad924299b981aae2899917a71f4792caf3759007cd2bad566fcf1da54558a1d28
- SSDEEP
  
  12288:jMpPHPrZ0O0eUsj93S/aOZM0SoUzHRsegL8Y1PsJ7H0MI0AvCtYJ9jRz1JEJOiM9:wPrpiyOZM0YHfqk7HnI0AvCtYn1/
Score

10^/10

xloader qize discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2