xloader

General

Target

075a0e3ac5e88670bade4e5b3bdeff4610060dc0328ec689453ccc441288368a
Size

656KB
Sample

241121-ym4lnazpgr
MD5

f7e17c0a13b79692624254c2b89620ff
SHA1

a30aad6d2e1585a92b6912fc1250b98d0c741a93
SHA256

075a0e3ac5e88670bade4e5b3bdeff4610060dc0328ec689453ccc441288368a
SHA512

4c38d1be603259638e99501a572ee68049afcb9b80d1762a95dea548a807d55b1cd3fb8883a25ee94aa9b4c9f971d5d1947b5eca4c97a33bf2759d08c44e54be
SSDEEP

12288:kKTXMEJBeHdzqUn3zyCHzOewGYy70aMG1G+ZeTJbOAa8MOltnR6G431G/:kKTXNeHduU3zyyNYq0iSJb9qOA1K

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

w8n5

Decoy

abolpij.space

secured-service-only.com

themoihay.com

uganda-info.com

readytrove.com

nehaandrajb.com

scuolapadelroma.store

childrensartcafe.com

intelldat.com

jinxedjesterdesigns.com

smallbusinessadminfunds.com

woody.email

effetasolutions.com

miied.com

oxszdt.biz

cdxgkj.com

thebestgpstracker.com

damancavexclusive.com

digitalboat.cloud

eyelikesystems.com

Targets

- Target
  
  Petrogulf 108-22.exe
- Size
  
  778KB
- MD5
  
  265e12d9de5e962b90ab8d8dd39e3a66
- SHA1
  
  2799490cd1831593b1c2694978c1dbec849bf96e
- SHA256
  
  28c28db28e96276f72ce38a60d04f0711388d3f93ecb34d4721dc94fc2bf9f07
- SHA512
  
  151e6a34dacd3a0371b7c9e5d88ecdc596074a2efc14dc834f0cf75ca5e7947224c961e985f6c32f6e6166853caff80b595c858c69088dea1866e9f4d9d2c481
- SSDEEP
  
  12288:WkgFEJgYYz0wnHZHEQRmYIso2huSWCL9xLEmSAQ31nPq2oK9PO/Z:q9jRdlIsvuSN5p2q2oKg/
Score

10^/10

xloader w8n5 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2