xloader

General

Target

6a320de21bbba1a93f56eee513ec18a594ac1caa754c9ce946863022bbf62ceb
Size

338KB
Sample

241121-ykrjbawkbx
MD5

1ee227ec277bbf25bf8657dc0379eb8e
SHA1

afc9a4fe432148cc5113357d7ba845f5dcec4aad
SHA256

6a320de21bbba1a93f56eee513ec18a594ac1caa754c9ce946863022bbf62ceb
SHA512

7708f75ff5ac684c8a885eb4397d96e6af0084fd9ff9748eef3c9468669b6d1c86679bcba834c134e814b46b989508a373c9ff74595f5e1cd0b88887d2209efb
SSDEEP

6144:TxDf9Q//uNLa8UBanwMhumZGiANdNDKFiIeWyb1JoRtz6D:0/uManFhumZIpdJW+gtOD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rzwo

Decoy

1metroband.com

erobal.com

zzyykx.com

chamallino.com

ehrlichforjustice.com

fzshangmao.net

bulkprices.info

schlafen.xyz

footspan.com

jano5tau.xyz

ukrainianwriters.com

clf010.com

kgvf.email

matura-natural.com

life23.club

yuanxuhuafu.com

autism-101.com

lithiumhexafluorophosphate.net

ducer.info

tender.guru

Targets

- Target
  
  6a320de21bbba1a93f56eee513ec18a594ac1caa754c9ce946863022bbf62ceb
- Size
  
  338KB
- MD5
  
  1ee227ec277bbf25bf8657dc0379eb8e
- SHA1
  
  afc9a4fe432148cc5113357d7ba845f5dcec4aad
- SHA256
  
  6a320de21bbba1a93f56eee513ec18a594ac1caa754c9ce946863022bbf62ceb
- SHA512
  
  7708f75ff5ac684c8a885eb4397d96e6af0084fd9ff9748eef3c9468669b6d1c86679bcba834c134e814b46b989508a373c9ff74595f5e1cd0b88887d2209efb
- SSDEEP
  
  6144:TxDf9Q//uNLa8UBanwMhumZGiANdNDKFiIeWyb1JoRtz6D:0/uManFhumZIpdJW+gtOD
Score

10^/10

xloader rzwo discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  drfgruezwu.exe
- Size
  
  235KB
- MD5
  
  ce84e0de135e04f77cadb28f8c216367
- SHA1
  
  fa583c32020b084e748bf263d120fcfe4ccc324f
- SHA256
  
  4a5824da0a6b328ddcf55a46e71ae5648c3c2fb3ce8e39add28de82c3e97ef5b
- SHA512
  
  47e14f190c782dc703468d4751b39865f3274de2b9cd35652d906e07c3f7da1014173284b14be8041d1ab9eeca0dd878ce290d9342b057b85d2cf4dd1cc72071
- SSDEEP
  
  3072:9YdkjNRRUWCJAUQATQq01e9bhxT/vTG1DhZ3BdjS6G6LmDkCdzqqp00y+Vi/C:9L0WQAWTQqMe9b/r6DhpOvYMqS
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4