xloader

General

Target

97d50f2f4b0cc96385e36d71fbbd2c7d55c23ba3a74495a347ac582ffff8c2ab
Size

560KB
Sample

241121-y9nhysxkcz
MD5

ab60959738daef042b5f5f614fa48895
SHA1

f4b67e3e708ae41343ec58f4aa71d7bc648c3865
SHA256

97d50f2f4b0cc96385e36d71fbbd2c7d55c23ba3a74495a347ac582ffff8c2ab
SHA512

338ee268061eab62197d60061a0260e922407f8bb90b4fe4973cbe1a973e66b9e58cd4c3285a7a755ec397468429e674fce0e447a29233492744e9207447ac8b
SSDEEP

12288:IYMQ4WaUVM69FoCuCsTPqXiQd1mSOxd93aabkZJ4UQGwo3SC:IAZVn2LPTgbmDh57sx

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

f4ut

Decoy

studiokventura.com

rmnslashes.com

oklahomapropertybuyersllc.com

pmfce.net

yingkuncy.com

theailearning.com

artistic1cleaning.com

shqinyue.com

dentaldunya.com

karatuhotel.com

renttoownhomephoenix.com

0087wt.com

hotelsearchkwnet.com

dentavangart.com

98700l.com

seattleproducecompany.com

magicparadigm.com

cunix88.com

vr646.com

calmonleiloes.com

Targets

- Target
  
  PAYMENT.exe
- Size
  
  753KB
- MD5
  
  dceac041ccf4756470e11a7cf926f060
- SHA1
  
  3f887b2125c55ddb0b4dcfe4b49b9bf7f0271510
- SHA256
  
  1def824855543f8011e65445f549f01648856e222215078ebc99281415bc1268
- SHA512
  
  06ecd9b19fc3b1a7fdb6a621b9219407c3512330ccb0c405157373b64675ffa4c6d9e2ebacf2440b3ae6c6bceec24b0331d645961b1fb846d246486d42d14b7b
- SSDEEP
  
  12288:cetA1TrromUStJaIYZULyQHFoeqYsTFop4Cd1k4ONdL38arAbNjsyaUVKnp:7IHL72DNTUvkHb0zahp
Score

10^/10

xloader f4ut discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2