xloader

General

Target

a5fb4c3ef4de5e98956cc0c87c5d07e708ca1e638833d3c9afc8f9f7121267b8
Size

462KB
Sample

241121-y9gemsxkbz
MD5

dc9a333f9a7373e6994ee80dbb2eed66
SHA1

a79b9b40418bcb7a5db7e720f6f6d9dd5831cd7e
SHA256

a5fb4c3ef4de5e98956cc0c87c5d07e708ca1e638833d3c9afc8f9f7121267b8
SHA512

0b22077b8f82252cd28d16c38c7f9e9a325a90d5fe6f8451440b849994d8c28350220d8fa9c53b4e8256f985bd55147e77c614eb06fc4b1aee2965b63722a8d9
SSDEEP

12288:MCcgA3AmjZxDjmLdf2iR5lS22BiE1BKsfVPVE6ARvDRCXK2xu8bcDJJ77:VJA3pP4f2syXBiEpVPSRbRC6Eudf

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

h6fe

Decoy

fortirecon.com

owlions.com

openrhodes.net

hannahjohnston.com

legacyfreshmarket.com

themedicareenroll.com

hpondsmarket.com

2manyads.com

kiralikservis.com

oxfordprinters.com

yamalo.club

apagyms.com

gulsahdevarsiv.com

employmentpakistan.com

insidegamez.com

curiget.xyz

pinturayanexo.com

myltcpool.com

greenfirewoodash.com

gabrielaalcantarperiodista.com

Targets

- Target
  
  Purchase order 4500447701.exe
- Size
  
  559KB
- MD5
  
  2dc28d7d605c0da46b7c7f767561a057
- SHA1
  
  300f76a7cc13648f00ffb3baa12c51a71adb8395
- SHA256
  
  7ed1db0b1bfb7845bc63e83b7408bd8c475f3173cb0942325663cda742de0a26
- SHA512
  
  875c7ed14b4b47e1cc56876871153ec3f47374e759aca8e9fba9ac681baf19a96b47233f0159327c37dadf2c9d70817acfeb90e70bf6eda9d60616ddf941375f
- SSDEEP
  
  12288:5Xs1g8To3GZrA/XWLXYzTHTpNzfSNmc7seOep6K:dnzpNzqNh77
Score

10^/10

xloader h6fe discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2