xloader

General

Target

1a25b69e0db3accb52754eecaa22bf90f651e5c36713da103527b6acf579d99e
Size

770KB
Sample

241121-y9hygaxkcv
MD5

e073e2759692fb4648eefbe9088eb0ee
SHA1

3dd07813a40eda2536a2aab068d841d66ed58cbb
SHA256

1a25b69e0db3accb52754eecaa22bf90f651e5c36713da103527b6acf579d99e
SHA512

83d7b522d5fa6b054bf4b497e333b696f483ff3ab28762a66457da1b330db3cc958e40597ac7035e8c9c5ffbfd7c0eb1d505775a3e9ae97431fd5f08c8f4b1e3
SSDEEP

12288:EdxjQVvGrfZFLkjVgn9KtnnUg6RrbTYWPHVqcF6Yhh1MHkwFM7c0NOLlV0UzfTUz:EQJGDZlcVgE+rbFVzFHnNwj0NOr02Az

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

imm8

Decoy

insteuctire.com

zomkeroad.icu

setiptv.pro

hk2good.com

writerby.com

giftebuy.com

siterising.com

learnsmartly.net

paanopinoy.com

jerikocreativehub.com

whitenoisestore.com

itownfwl.com

kumamotors.com

luxqueen.club

psychiaterinschweiz.net

sanchez-gomez.info

seriesplum.com

eagleweldingmn.com

6917199.com

kundantanti.com

Targets

- Target
  
  Purchase Order# 210145.exe
- Size
  
  1.2MB
- MD5
  
  943c2878d92004d2705f0d568838620b
- SHA1
  
  c134f3cd18715f1451f48bb10747779609284362
- SHA256
  
  30b8f5e97d96ca11c0358b295e60a3dfba91f6eeaa616fd6f1f616326cac8d63
- SHA512
  
  cebf61b3e58038e90d4f1846d46ab069b9da8ca2715eebf0b5ce8330924bf9f905013c7d5cf34f5790efe4ef726a56c56bae33c032204f56aadf6eaee5370e6a
- SSDEEP
  
  24576:jyvWI9raNq5Kpi+0IMTJVd+7J2Y9J2WV/Nm/y12Nhml:jXIFaNI+0zTJr+vcyYA
Score

10^/10

xloader imm8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2