xloader

General

Target

a61ca9bc49c07d5771fdd551d993fd5752d2db1485b10c2667d69f621b9ac579
Size

268KB
Sample

241121-y95gga1qcm
MD5

7139681ca0182861deaaf58bc06a949d
SHA1

1c9b845a32e119f4dc713719b12b79f3fad3b67e
SHA256

a61ca9bc49c07d5771fdd551d993fd5752d2db1485b10c2667d69f621b9ac579
SHA512

0710f97985ef760e49bb6e78d98f701f8b4613061015e8252c147e7b1a92471ccb882782d1f95d034f0487597435f0ce05775238b2b2cfa6ff7d877971ea74e4
SSDEEP

6144:idpIJ90YqIw2A2WulLS8O/dNiPd93eVeIbpgIrruuzWT4Ru4lxXBk+ylKHDvxEJL:idpY900nWuQS9u3hrzWL4sKHDxEJL

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

nu8e

Decoy

joansmoviereviews.com

tronicsbuyer.com

test-amqatest-27-08-2020.com

localwebsurvey.email

toptierschools.com

exoticfilipina.com

iregentos.info

ic500500.com

z3255vsrwqstudio.club

dacabionline.com

innov-learners.com

redwardenstudios.com

payprscn.com

hannahmadeya.com

acandenizhukuk.com

alhaddarnewse.com

aestheticsbrazil.com

amandamcmahon.net

naughtykittyllc.com

germantoolbox.com

Targets

- Target
  
  3dd09fd4260601900a344471ec20765518599ec29a36bd70ec820ec88ab6543c
- Size
  
  463KB
- MD5
  
  9c670b350585c15094b92dbbbd46d456
- SHA1
  
  9a63f9d2f3a91cc1bf6376ad9293d99e331ac1f1
- SHA256
  
  3dd09fd4260601900a344471ec20765518599ec29a36bd70ec820ec88ab6543c
- SHA512
  
  b0ac0275523b633419c0dbca35cb53aabbb9143d7906ae00c2a5b29437dda8ba07176b0d20eede4fc50337c1e53f04fb1aaee3f4076add83d7de4c7744f57c44
- SSDEEP
  
  6144:jC7IkOPgc6xiNFAZGOmEyDqOaZjjsFf1San4TIn3f:+jnVgNFAZGYX2F9Sa3
Score

10^/10

xloader nu8e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2