xloader

General

Target

be55efe027389032b9759fab2cae070ec16fe7f17ec802002fbe70f4f6d4e117
Size

187KB
Sample

241121-yk6m8swkcw
MD5

fe3fc7ceeaea9dcfa2543bafcac22ac5
SHA1

dbdc344bc4327fe934544063025b14ee8ee85b51
SHA256

be55efe027389032b9759fab2cae070ec16fe7f17ec802002fbe70f4f6d4e117
SHA512

d7353d374368b9f783c4c54a78aabccb3450696e0879a0b49f5b87590330aa5aca0dd270c7b080ceec83e5833f8af9ee72273220c79142d386541eac4444579b
SSDEEP

3072:XRqMzUZkmk+IHfwrCUMoy/vOuU+ML/p307WUwE+3s6Ujnodnl3I:BqMfmY49kWD+QC/2s6UDoX4

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

de52

Decoy

securenotifications.com

queenannedelights.com

ametistadigital.com

nebraskapaymentrelief.net

biologicsas.com

vidalifegroupeurope.com

sedulabs.com

relaxingread.com

oucompany.com

ty-valve.com

noakum.com

neuralinkages.com

heirsfriend.net

collectordrive.com

holidayrefers.com

rhodessunbed.com

smartlearningservice.com

gangju123.com

yymh8826.com

ssmgaezp.icu

Targets

- Target
  
  New Order.bin
- Size
  
  201KB
- MD5
  
  4af03301316c984c17ca822456b6d918
- SHA1
  
  ad237296e61bde6fe8ba894ec7445bb9bc76ab69
- SHA256
  
  ac339f7ecac47cfc3a860ad42986d9f8d68208e7c7df8b21d4640ade4f2b5131
- SHA512
  
  01988b176dfb0851fb9958c3948dbd2c434d0706b120f0609eecf157619bcd27f16741951d93fa4a236524f4f9cb46f171a9b4acf39b70fac26514eee8248f94
- SSDEEP
  
  3072:QBynOpL12riocMMV6iTl2vFxqr91H9KANIlQoxOPTZEDHjMmRqZiOewWE:QBlL/Vd5yqB1HMVlJxOPODjMmEiOewX
Score

10^/10

xloader de52 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4