xloader

General

Target

f3d5913219cd0b70ad97893a0d582189b5b23324b1b66a7646f328bc4d0c2da3
Size

498KB
Sample

241121-yl145swkev
MD5

71ade2c0e1ab958b44264785962ea425
SHA1

d22d9f2c9d9217ce6bbe00fe9576ad2c6e40b13e
SHA256

f3d5913219cd0b70ad97893a0d582189b5b23324b1b66a7646f328bc4d0c2da3
SHA512

51890692544ae2a036304da8d3144adfc492395e9d11436aab2cc8658b66a108bd928e9861a454075509caa32077f51eba814870645a3609637e7ebc81d676ea
SSDEEP

12288:N9WHRJEE7b7jMax9LJJfSMDzUSQ+Xcz4IG7ztSV60tLhTC4qu:qHhP7jBx9vScM+XW4IQsLf

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

f6fw

Decoy

plumaroja.com

pceasyreview.com

wordsinprogressthegame.com

hiltonbomontieforeaspa.com

amu2020.com

airfieldelectric.com

reasonswhyletter.com

venturabankruptcyattorney.com

contorig2.com

kevinton.com

tiga-roda.com

swallow-express.com

berlins-cuban.com

newhopeadultos.com

yanmq.com

businessfundingtodayscam.com

goldtraderassociates.com

formulasimracing.com

rdifatra.com

asudprr.com

Targets

- Target
  
  DHL_SHIPMENT_REF#290421_73663_pdf.exe
- Size
  
  645KB
- MD5
  
  35b5ff4171eea1c0433f592d83631a14
- SHA1
  
  9a18a2807c82a63c26d71d9be32edc902129b116
- SHA256
  
  9aa3c6d66305578b1f8743f1f5260453432e9d9e157756640bd7f8cf85facc25
- SHA512
  
  3cd910a43731ab4d41203d20f348e765e481bcef7b7d583a83862168c82c274146582bcd67de47c145610e6fe7b95560f0b88fb796defe19f0b0cc4d7e05e21c
- SSDEEP
  
  12288:rG61i3ePiNmR1axgxOjtAgIi6xt11pAnym8E0muRwjWU5qrgqNdYCAWHDIouq6XZ:rG61UeioQgxOfIi4/zAnh8E0mu6WUE32
Score

10^/10

xloader f6fw discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2