xloader

General

Target

656cb950e3811873a4659d8057e39a78d9eb44df652b691ebc027f2cf7a325f5
Size

118KB
Sample

241121-ykp1gsznhj
MD5

54945dbb053aafab1c50281086860da9
SHA1

9b36e4fad311dd788b4748781d45ece2aa09b6f8
SHA256

656cb950e3811873a4659d8057e39a78d9eb44df652b691ebc027f2cf7a325f5
SHA512

52a5d9afa99bb8ac5cf4608f0203782321028b859c46ee398894a24aee3e50ac867559460212035e232947f61362890e8c08e0774650e37c6460e704576cce74
SSDEEP

3072:mOMhvsKxuSKijcf9R1bQ2pi8apKCnKR2TtjQdF28b58HLnzOo:5MhkIxrjcV7bQYapKCK0TtjQdF28t8Hl

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

cvrn

Decoy

nxwatson.com

thegoodskart.com

jamiewaack.com

starvideoproduction.com

htwengenharia.com

shqipria.info

mybeauty.education

pphemr.net

relaxmorning.com

cunix88.com

bhartiyabrand.com

sofiedeneef.com

chabakaton.com

qianyanwanfu.com

testamentvorlage.club

gm321.com

dataxamarin.com

guktree.com

castroarchitects.com

prize-ad.com

Targets

- Target
  
  bin.exe
- Size
  
  160KB
- MD5
  
  fd5beee3f5bc16a77925f249ccb74436
- SHA1
  
  c2e45775aee31244abec4ebd5ae14b5b091c5fe1
- SHA256
  
  0b350577e82bb333a55a1ee5977a04b14ad3c274c3f8ee374c0329c309df0e2a
- SHA512
  
  0734d6f262ca92191da6f6275e3ed07696b3ec75c7e95ae7409c4962881a121588a6475e797731e3a297b35c0b957aaac685267f180f7551ee0c7ca70b86ec00
- SSDEEP
  
  3072:RaB426jIqOi0aostcjgAbLtdfO+dbMdMl2npiduLK3NpqegZluI+:Rxe6zosC8GL/O+dod0djGfln+
Score

10^/10

xloader cvrn discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2