xloader

General

Target

b10c700778a2e577bc6cab35255362fee5c351fc98bffc2b96394efba5991ce7
Size

399KB
Sample

241121-y9dczs1qan
MD5

7ea94dcf17b421221e6712d1f66aa798
SHA1

5eeb6c117c8321436def50de7286aec9c57deda0
SHA256

b10c700778a2e577bc6cab35255362fee5c351fc98bffc2b96394efba5991ce7
SHA512

a45e671cf9bddaa2e01974ba937a96ef61dbc7556e6c9ea2e71627eb2fd6c8699f4e1e6a49e383eb02e3363440fbd2bac0627bdddda1a1851779e95f43caa01b
SSDEEP

6144:KNaJPbCwC6WmA1JEAFDLQWP+zKPup8Gve+6SNIQFbJh6WPGmtSCT4az9dvRR:KoJzPekk+zu/crNI+2Sio4az9d5R

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

inga

Decoy

21sq.xyz

aleimanpaper.com

soulworkerrush.com

lianxiwan.xyz

gorastionse.store

nuhuo333.xyz

greenft.xyz

upisout.com

mgav23.xyz

2day-recv.info

emdestak.com

generatorgmer.xyz

inmyhindi.com

meenubhosale.com

feinquebrantabledoc.com

valgtrizoma.quest

impqtantaou.com

nomorewarnow.com

gmcrjizppcx.mobi

eludice.net

Targets

- Target
  
  d27ea95cff227c46dfbe2cb9dfa6f746633ac5c6f548a0c18a3bb8af7c3017b8
- Size
  
  527KB
- MD5
  
  829de14ff481bf90b296a2bb418daf81
- SHA1
  
  b7976a8fda3f0f27366cd0b0f487ae4de77e64f7
- SHA256
  
  d27ea95cff227c46dfbe2cb9dfa6f746633ac5c6f548a0c18a3bb8af7c3017b8
- SHA512
  
  ae402ef574a54fe15ef0bb437588f222dbaa90065fa1a0780e35d6e52809f4429ca2717f21d9cd7e81ab89b5d046691640bee2bcead0ef48e1f0d029eae1d15c
- SSDEEP
  
  6144:3iefhzZgSqsNo44jy/mP1ia/B/xZfp/FbOkYDMXVApBAdTt0WYnHeZ3Cfkq6fnKf:3icuS5z/QbpPeDMXVA3CaWjyfUOTC
Score

10^/10

xloader inga discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2