xloader

General

Target

9d3c9128b7b1e2e2966ea1ba3a8ba0da12fe5e631aa6ca7c3930d5313b44011e
Size

395KB
Sample

241121-ykh7yawka1
MD5

082ea5a0fae05b7a5a2eb40cef08d5be
SHA1

4dd0a441db6492dcba960eeb9ce312c56141a659
SHA256

9d3c9128b7b1e2e2966ea1ba3a8ba0da12fe5e631aa6ca7c3930d5313b44011e
SHA512

86737e0ec2e5093d9021467a7958508a2707c767ad8bbf54b338e57d0b5fa222ac8d34af788a975257be94f21105fd28372437d364a484bbd49a00f3c10ce165
SSDEEP

6144:y1RdbdgiuyJoZQbhtkcQTnhjJbMmr2IxEfsceW8W7YzJadTmOs8cTci/L4WIYUhK:E2lVu9ADhjpA/xwadTmOucij4WIYXVkS

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gnui

Decoy

himalayanwanderwoods.com

finvi.guru

iphone13promax.show

rpfcomunicacao.com

inemilia.com

blboutiqueexchange.com

sukiller.com

tzwa.net

noemiklein.com

upscalepklptp.xyz

unboxk.com

greatamericanlandworks.com

bataperu.com

estebanacostapeugeot.com

gombc-a02.com

642541.com

13f465.com

jskswj.com

hibar.xyz

eltool.net

Targets

- Target
  
  77a0d2b3cf7736f6ba6798b004ce89ce2cbbd049a8eaef6bec53cc854b4e79c9
- Size
  
  540KB
- MD5
  
  dfe3b8cb39210af2ed9b38498cd13902
- SHA1
  
  42b4b9189cb5d08ba305b275bb67db9a5ff21f51
- SHA256
  
  77a0d2b3cf7736f6ba6798b004ce89ce2cbbd049a8eaef6bec53cc854b4e79c9
- SHA512
  
  200224aad2ebcfcda14eea46fa2fd91bbb386c2d44a523209220af0ee6fe02f878ddb3ca2158ee311640f7dbca65df8ad4d9c4d47e81d85acbbbfb774e758122
- SSDEEP
  
  12288:p78H13YXCTlNLP9CanC42YSe5lEWUu2ysVPxwLke:kYyTPLVCanCzhyGHysJKLke
Score

10^/10

xloader gnui discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2