xloader

General

Target

837d300e98a18fa8dbbc05698e27588c60cec168b5fc5a095a8b6ddeceb2a069
Size

237KB
Sample

241121-ym1vrswkgy
MD5

1e7dc7f4985a1ce47422ee9c39cc7bac
SHA1

c3621aadc98a2bdc09364c9a4fd6ad3c2afd8041
SHA256

837d300e98a18fa8dbbc05698e27588c60cec168b5fc5a095a8b6ddeceb2a069
SHA512

8413a1f7a1d12550126d07609d7036b3f44687083d6621a1b93a1708f73a433085dc66a15a687b0cffb2cd7a2a74a402beebe755b7e410cc3e9bfc4e4929bdeb
SSDEEP

6144:GChaREk9guCRcKEar/Vszx5YyHD4wxsoO79EgKDEU:rEak9BcNtszovzouu9DEU

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rht3

Decoy

sincitytactical.xyz

danangclick.com

walaupulaupau07.com

caselnk.com

abcnwqs.com

lordlinghk.com

unsaltner.com

allocationtestdrive.com

directinteractionscorp.com

paloaltoroofing.info

limchinjoosawmill.com

planetafps.com

elevenstonestudios.com

dqaej.com

generilic.com

sandydigitalmarketing.com

flyingnorthdesigns.com

arrowmops.com

freedommindsetpod.com

fpr.xyz

Targets

- Target
  
  Rfq_order_item_24062021.exe
- Size
  
  395KB
- MD5
  
  3914d904ebe3174fbfa604d97cae3a70
- SHA1
  
  8f175b52d4c770821af2d15dc0913e721316ad08
- SHA256
  
  d210db96dc90cbfc39b183fbab1bb9f59bd321101fbc7c405a1a4c16e0033863
- SHA512
  
  11dc78ad2a8c127c9b26d59a20ec5a4fafe22c364b828ab351e9c3255eb667ac9bfcb43a69f23713456204c1ae99db93fcbc858a9e0f7d114b1a337aca4d78b3
- SSDEEP
  
  6144:RTqjFta/eo1NGZxvk4QumnHU3lg3Z2hHmZIN38hkOQ7iZx7:5aaG4GZxvVbg3sHhNs+J7iZx7
Score

10^/10

xloader rht3 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4