xloader

General

Target

2342f84a7c8fdca7369293825194161a10ca16d2b7fd486ded3b82ce117e100a
Size

302KB
Sample

241121-yl9fhszpdq
MD5

d91ee94ffc3cae7074dbd208dfcc6b29
SHA1

765adadfac38bcfe85092e7ee5ebf26c83135fff
SHA256

2342f84a7c8fdca7369293825194161a10ca16d2b7fd486ded3b82ce117e100a
SHA512

da68096e9b3f6635139fcbf1a21732136e9bbd3ce1a621e35e8247f359f8c4f95c46fb1b8dcd186089b46883839b540e1f18c38a3199a767fb1780c6d256edc1
SSDEEP

6144:/djTUolVTV6BSlia0bfMUr8uECLjLQBLYAresH/poK+eRBHBf:/dXj6BSlTyfv8uxLjEoy/poKrf

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ciaz

Decoy

jobgeist.com

pxwss.com

nathanaeljeffrey.xyz

rhoypl.biz

avachaturbate.com

xvideopornfilm.com

heser.net

olphschoolcrabfeed.com

ballygallycastle.com

attunetouchandglow.com

wwwswanciitaphotography.com

inspinevision.com

ebabadofood.com

glenngreerforlyman.com

stickojfni.online

cursophpbr.xyz

thefindommistress.com

8c9myn92dzep.biz

alexamedia.art

rarerp.com

Targets

- Target
  
  79e8144ee4e2e97695849928e162288fc282de48ff4caea48314f9cb56477917
- Size
  
  313KB
- MD5
  
  da75710d466d2544bc8f4442b1ce57eb
- SHA1
  
  8356ff061e4864bfe114fb9e65bed20c267c78e3
- SHA256
  
  79e8144ee4e2e97695849928e162288fc282de48ff4caea48314f9cb56477917
- SHA512
  
  6d5c8f28f60bd494cade7bf4324c3309ac29a421202dae3494b8118ade429560e4062a2c83bacbfea46c63fe173bc04ffc299b8dcd2f611d67c45e7cf2c22695
- SSDEEP
  
  6144:TxD3m22lVTV6BSLia0bfMUB8uEqLjLQ7LYAbesH/pAK+eRBYBD:Vm246BSLTkfN8ubLj4Uy/pAKaD
Score

10^/10

xloader ciaz discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  yjpsyjwo.exe
- Size
  
  168KB
- MD5
  
  c55e114aae523179f507d32858962fe4
- SHA1
  
  3a35f75de10123d4b438d7be88c6bae7087a9a74
- SHA256
  
  445868ae39772e2a65c0e927d6a98d240d93c8515d57837b95c17304ea0dd693
- SHA512
  
  3900a645770ed43ab18de621f85f83588efe9fafee732277ee26e361dc417560a0aacea392d7975634e16f250734dea1f15c8aa26fb8b80c31bec1833da9044c
- SSDEEP
  
  3072:Hc4Horf5X/n8eXZHTFGAfU7VKXHGHggY/dFUhqZJ:H3y1/n8YpDCVKXHGAr
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4