xloader

General

Target

44073a3b4a860bfeb94ad3cd469231a33864ee3f9d9ea66a38fec5d74af383d1
Size

652KB
Sample

241121-y9bt6a1qaj
MD5

700e4a973f2afd34c32bea9b008d0038
SHA1

1522840961d3e02f7803079043633923d5a64116
SHA256

44073a3b4a860bfeb94ad3cd469231a33864ee3f9d9ea66a38fec5d74af383d1
SHA512

5f73f45abdd450c6c1e002157fc52dadbf8df5711d6156ae2d94c812ca7beca60acd70aabc2874173ef67c9db9c3c889ac56a52b4bd6934f01a8c7addae06c05
SSDEEP

12288:gegUuVFCTwA5RawLnM6gNHpBQ95owCeAS3eL2COjLUEfkWJeN9yyMPQ/:IETwA54KM6gSCK5fC2yj

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cfb2

Decoy

modafemme.store

adriankazer.com

littlerockgardens.com

peolinkbroker.com

gulfandinlandlimited.com

overseasentry.online

jen4x.com

saltysirenapparel.com

sprintfingers.com

obio-energi.com

auroralunaclothing.com

imafuckingretard.net

finalimpactoutdoors.com

haylcion.com

cybertice.com

nikaluda.com

juliana-nails.online

karbalacanning.com

candouventures.net

solarpanelscapegirardeaumo.com

Targets

- Target
  
  NEPTUNE M 17112021_xlxs.exe
- Size
  
  820KB
- MD5
  
  c984a1c9d32ebb1ac91ae7aa8bfe997f
- SHA1
  
  382edbc64117b655df612ebd7d0342d8eac6e269
- SHA256
  
  220c05d85e6a90823ff827cf628564d36e1f8324bbb14b976b49525861ffc07b
- SHA512
  
  6148544ae224bbe8dc578d86104fa939d5a4b936e9db9ec98a5da7dcd5c9996235d1df979ad39f8e84d836baa2044ef037aec33331b6431e17b8dbe43083c78a
- SSDEEP
  
  12288:4nqPhCcfZ/2YpYPMn5WYoj/APEavp0mBXR+5RKUS4S2zG9+aw9cNq0p2W:ak/2YpX5W94PEaR0mBB+NS4jZqN
Score

10^/10

xloader cfb2 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2