xloader

General

Target

73f3a87138fbde81c8fd0a9c86155f95959e048ab255aa910c3c92bef81c6552
Size

675KB
Sample

241121-y961asxkew
MD5

3e46d84ab557c28ef12355ab3e72cb12
SHA1

d75585dba46a0a9766d647af93ea241072016523
SHA256

73f3a87138fbde81c8fd0a9c86155f95959e048ab255aa910c3c92bef81c6552
SHA512

92f30267f0f2717a1508a73574125a6a5dbef3bea5121ad142a2e752b8863506235ed4ccf0879aae4aa13d526e4faa3cf5afc133f629135bd4c3329cab3dea22
SSDEEP

12288:0BkO26Swh+NPM8X+rqyy6wjPzPJk2wdOH4Nt1qGY0Ui/CAoCmGEeWCUWoW:klswlqh6wj+TYYVqx0UyCl9ejx

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

heay

Decoy

filosofgangen.com

clickb4shop.com

diesva.online

gcs-eu.com

gznk.net

connectmatchsupport.com

sunrisetillsunuptow.com

44.plus

hhhsccultum.quest

mindful.support

academyofpeerservices.net

acemilados.xyz

xn--belle-mre-63a.com

investigatoridaho.com

haimalvpai.com

mstlons.com

arxom.xyz

kcckurla.com

undeclined.info

3881a.com

Targets

- Target
  
  85d09cb470fac72a4baee36133c895a74f7e9adad0e7a16527cf6606705a66a0
- Size
  
  798KB
- MD5
  
  721d3421f9a2e8077117df38e86841fb
- SHA1
  
  37eeb6d7ac92f609b3828838f484ce4ed6b8fd38
- SHA256
  
  85d09cb470fac72a4baee36133c895a74f7e9adad0e7a16527cf6606705a66a0
- SHA512
  
  5544a6b5ff7c7a71356ca4be24b18f6fe4d909b4090a041dbc9a0f8028196a2b1b30b1a9680702f65f659b3d50e4422513a468adf232f91c8451d4408c216608
- SSDEEP
  
  24576:ZbrlINJAclYSKU9rvGwfDLYgvFx5taMx+:ZXlINJNlYdelLxT5tb+
Score

10^/10

xloader heay discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2