xloader

General

Target

aa81ef808ba1357daf173ad9f18a9954b2c9173829e64033a38063768d4ea666
Size

733KB
Sample

241121-ym8wdawkg1
MD5

11aaebd33a0db6e18eaa60d692846241
SHA1

c3acde105dff6312ec1933a07906d3e1db93bb32
SHA256

aa81ef808ba1357daf173ad9f18a9954b2c9173829e64033a38063768d4ea666
SHA512

5251e2aafb0fb8ee0bf85e2d049ffcf38b95e6ed0e2879a0a6a1898a6515b021e5ad7afd10cf66f6509742ce60de38ad7378e92998316afebcc8c3ac4b969f3a
SSDEEP

12288:pSKOeziOo6coIpjyrQespSHSwPbDeNGS+Mumq2piyUacBUTxEgg4b:pxOJOqTjyEcywPbCNdB5mUVNN

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

sbjq

Decoy

topbrandslook.xyz

kupilabs.com

cedrick.net

91mh.info

ajoph.net

finishtheverse.com

pondokquranaljariyah.com

happyhoopoe.com

lowcostfooddelivery.com

estudiosvacunacovid19-co.com

iestradanhhome.com

xn--caasymas-e3a.com

shopqls.com

wpnator.com

parentedagency.com

nundmshop.com

lodosmimarlik.com

ccidyy.xyz

bem-vestida.com

smartincomeafrica.com

Targets

- Target
  
  Sparetronics - Line Card.exe
- Size
  
  790KB
- MD5
  
  0d15a3865c8e7c9ff7d9632969281f45
- SHA1
  
  3794ebfcda17346aa11f6a56ba05ed4ef1105642
- SHA256
  
  aac488250a4059c3a5fe215e9d37649ac3666e1acb0ffa9031d7a5b171f951e1
- SHA512
  
  2b1198db896cf56ee05f1ecada8da7bc809557d2364d92cadd9c64d2c573c2206cdd8b5e83b7ddc60ce15f1374eb8eeba139bff6656d1fc268a41176a1b91f4a
- SSDEEP
  
  12288:rSskqu7Es0xrVHB2kDRkAU7Ed1phEnUJp058NxjzCrwW7ZG9sVbXbs+XPgDdVAad:msCQrM74d1phEU48nCLss54dVAanpo
Score

10^/10

xloader sbjq discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

CustAttr .NET packer

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2