xloader

General

Target

b524c912131e9de87aeaa11d46262b7def04648461334c6127007f3c5c24febc
Size

234KB
Sample

241121-ymazcawke1
MD5

3fd61d6a5bbe6bb4c68021de8c5cbecb
SHA1

e0543bdeabdfe9f9384ac7f841de889aeef2ac90
SHA256

b524c912131e9de87aeaa11d46262b7def04648461334c6127007f3c5c24febc
SHA512

dbfe92f72ef7ca651f8139f4cbfda653ad1b092d3b13986a1214434b207593912141ead3a1240e4e4184335dd15cb2ca325141292565b0b86dbd7a66c565de8c
SSDEEP

6144:J+rKsqIRFj2eojkPBLhN+fAq8xy3eI3+bn1fRLna:QrKA2FwFN/3xk+bnp1a

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

goei

Decoy

bet365o2.com

gulf-landlord.info

foodsystemsjusticeproject.com

ronwongart.com

fwgkdhg.icu

armanrugservice.com

mapadequito.com

vbkulkarni.com

ltsbinge.com

creativem2.com

mindflexlab.com

ushealthvisa.com

247carkeyslondon.com

addthat.xyz

zanzan8.com

legendsalliance.net

shopflyonline.com

csgo-roll.net

reutbergcapital.com

mediaworkhouse.com

Targets

- Target
  
  832cd29741e78c65e4df47581cddeb7459e6db0bf178ed55c48b21719c849121
- Size
  
  328KB
- MD5
  
  586bdb5f4c93be7c1eda0a4aaad6b829
- SHA1
  
  96c7fac9812247cad8152be5206d8ceee7ac9247
- SHA256
  
  832cd29741e78c65e4df47581cddeb7459e6db0bf178ed55c48b21719c849121
- SHA512
  
  29e54c4dfa45851a36255716c2eca90754bb14997e12fd058edaa655e8bf8b8fb932067f407e43b9e5bf35d1136d74658b32319e52277d28d88a2157332dbf12
- SSDEEP
  
  6144:qfNEub3DnLw24d5+L+WpZeH8hwNUBizYvZWzqWUYxO:qmubD8L5c+WpZeH82Nv0vQyY
Score

10^/10

xloader goei discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2