xloader

General

Target

9d4210744b5ca656eb5a3c980a3fc19c92b01a3b272a6e1877689cbc38b5aa53
Size

204KB
Sample

241121-y92eta1qcl
MD5

fde873126b1fc7fd6df06ba677114557
SHA1

84412ea2a141ffb5b9809733be8d86fe01050463
SHA256

9d4210744b5ca656eb5a3c980a3fc19c92b01a3b272a6e1877689cbc38b5aa53
SHA512

38d0ef118581f82e7ef317665e13bba10171ca191b62826dea41fbcc414461b20dad22fcc79527c9200c4e1e91ec5a96800198ac6a85792eec825c43887c32f3
SSDEEP

3072:59FdoYUWFF8OcRVU1XUhpQmI92nMQ3jDW+2viG/b56Gxh49CqtC57T9vzh6Q24SY:5/doYLDHsCkL6LQ3hsl1XMCF9rI7Qf

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

um8e

Decoy

theypretend.com

hopeschildren.com

kuly.cloud

maniflexx.net

bedtimesocietyblog.com

spenglerwetlandpreserve.com

unity-play.net

bonap56.com

consciencevc.com

deluxeluxe.com

officialjuliep.com

cttrade.club

quietflyt.com

mcabspl.com

lippocaritahotel.com

tolanfilms.xyz

momenaagro.com

slingshotart.com

thefoundershuddle.com

mobilbaris.com

Targets

- Target
  
  RFQ-BCM 03122020.bin
- Size
  
  217KB
- MD5
  
  d3d5e6cafa8ca89384e56e6374a14203
- SHA1
  
  ba57aa266efd34ec5fe657c13ecda85e97ad5b5c
- SHA256
  
  214910524a528bab8dae4a704169e20d9f2f92444df6e6a65d19decafd9f69b0
- SHA512
  
  615e3abe07739af22fea6ba66b7d54f83652704adc237ef7ff3c21780e23d11bec7bab1f9b58e4c6cf0aed54b2fc9ba697520b18618bde88613bb07294c10cd6
- SSDEEP
  
  6144:cQqTvWkaWUhQu2unNCuqToj894c673nHa4c0t:yvWkpUEu/AHYvco
Score

10^/10

xloader um8e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4