xloader

General

Target

61da1e62a955d7c06856df15c5ce91d4aa39b0716a419bf223d5b224c348d233
Size

1022KB
Sample

241121-ylssrszpcm
MD5

069098c803cffccf3fbe7d3acb683553
SHA1

3c04f05210ad4445d5a556beb8fffb1b7bfacb8c
SHA256

61da1e62a955d7c06856df15c5ce91d4aa39b0716a419bf223d5b224c348d233
SHA512

adc7b7848f45384a31104fe89d3475e9b199dd37228585c391f1de67e0360684d9128bf72f22b4832959f2b01191e18cfda64a5987896d2735c958fa3ddb2407
SSDEEP

24576:X5wDPT8672q28VmZ8QPE98izlBVQqkZDJjqq:XKDb8Bv8VmFodbQqwD9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uqf5

Decoy

paolograssino.com

hammockcoastproperty.net

blinbins.com

financierapoorvenirsas.com

mattruddle.com

wighumanhair.com

tvdajiang14.com

theblackharvest.com

tylerrucarean.com

a-prime-india-demataccount.zone

amboselisafarigallery.info

toolbnbapp.com

scientificindustrial.com

trainup-wall.com

pocosmo.com

thebluepottingtable.com

leavelogs.com

verbalfreedom.com

qa4i.com

kiiikoo.com

Targets

- Target
  
  0rder-bcm_23062021.bin
- Size
  
  1.3MB
- MD5
  
  be367a26f8caea0b21c3d23734fe926d
- SHA1
  
  7c64a083dc814e69fe472edbe3d87c74310a9ef8
- SHA256
  
  19502ad02119f2e62cd3a35bfb9ceda6be0e5767a078609631dca9091f9ecde6
- SHA512
  
  1dff8942de1ee220568a4f1ae2eebfa5b9de27fdbc4bc47460b2ba28dc8e3ec3ab55077e6fa549295ebbe3940889626264649eda761e3d879031d89340ce95e1
- SSDEEP
  
  24576:1KoBEm9pX4MSVHgIVxTEK+Qwsnd51RV1XPm5X0/fqrrCgPM2S8cAt8jipgXGdk:QjCX4M2pVFwq5bV1fm5C4CgPMu8jipg/
Score

10^/10

xloader uqf5 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2