xloader

General

Target

2d150c3fca009a40d7c8e0641454412427d99664b985ba8c30614b9227a3c34f
Size

258KB
Sample

241121-y8sfhs1pgr
MD5

774e9d41f83e3cf9a598fe7f6cf49a9d
SHA1

3c3a6fa4e8dfa3befc3c410c032af7ae22f78392
SHA256

2d150c3fca009a40d7c8e0641454412427d99664b985ba8c30614b9227a3c34f
SHA512

35b02fe21df6899d122765cd5c9904c71558b4352d10bbe7773250b5be1fc0bb333e68e7ad43dc00b43b65239df78403ed7fa9f1960dc3ce639a322a2fa3d73e
SSDEEP

6144:X0cC+ALS5Zww+gwYxJqTuodgMirgRjf8X37r+ujLEs4ID612zdH:zCWwHgBxSuodTlRjE3fis4a

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p00n

Decoy

beaniemart.com

sugarlaces.online

kinesio-leman.com

gasfreenft.com

ateneaespai.com

askyourhr.com

recruitloft.com

carolinasbestroofingcompany.com

coacher.online

freshmind.today

help-it.online

nicelink17.com

islandtimeoperations.com

agricurve.net

rizkhr.com

innovatorsincommerce.com

grownwings.com

learningout.store

miaglam.com

tengfeijd8.com

Targets

- Target
  
  aa9db27b2063f5aee9f97d7d86b883686f51bd030d0b38d6daaed3629a230a7d
- Size
  
  271KB
- MD5
  
  f9a20cce97d6efd9e8d071420a8858b7
- SHA1
  
  17680094e9bdefe2f5205729f2b55be2ffca81fa
- SHA256
  
  aa9db27b2063f5aee9f97d7d86b883686f51bd030d0b38d6daaed3629a230a7d
- SHA512
  
  fb9055d9f19788e0c2d25f3f400165b630ef6f62604d6ee6a764c7a57f5f115737db4187be30641bca16af11d84d3afdde73b0790f5d43f682e10439ed7a1026
- SSDEEP
  
  6144:zjg3mLX/fN+E4YQaTjiqyYUhOFjuYCN+E+2H:o3mD3N+E4/m4/SCNr
Score

10^/10

xloader p00n discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  vvywdeos.exe
- Size
  
  70KB
- MD5
  
  f357de702f7b08ff1b60c2ca5bbdafa2
- SHA1
  
  bc9e18bfbb4a9ce14351dfdffc3f57d22b40831a
- SHA256
  
  9b4b5b5048151f723ca57f67e9107e24c844f1be62b977efaeabedb5d620eaf5
- SHA512
  
  9b096e239c01f7bf7c946719deb3cadaf206ebd29530cf425a885e7351286b5f010b3fb66a3d55cef5200f2504ef76648789ec95a4935a6ea59a8f51280484d8
- SSDEEP
  
  768:Qg0IfqrDRmG6yfW/b/EG8a7D3u/9W0VSpi3nDNKtc8WjWsWjcd3zeoUBJoqRwxHu:3bG6cIbqa/A9Rngc8DsWjcdDEH6H
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4