xloader

Sharing

Copy URL

Twitter E-mail

General

Target

07bfab28b65a059dcb96c7ee7b0d3d66ab533049c7a537ce902665720bb47249
Size

204KB
Sample

241121-yme83azpen
MD5

38f465924299f11447930a236933eceb
SHA1

c85474277c43c25719e76ffd8778b18e3c479dd7
SHA256

07bfab28b65a059dcb96c7ee7b0d3d66ab533049c7a537ce902665720bb47249
SHA512

950b841e42e541eac794d9f845e072c46507be9b0a00e1b6297124ac43c80954ff1671314c130442d5ea2ae910c305adabf734dc8454b5540926ca383d1af8af
SSDEEP

3072:db60u4NKg+27UGMcH7fdaqRBsFte38g1HLCyfDcEiTyoPOTfqa:db6n4N3BUI7BsFte38g1rfcELp

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pb93

Decoy

covidlawyersnj.com

zhgxzdh.com

mydomainaccounts.com

uniq.plus

snehapoorvam.com

anj-tradingltd.com

orderinglogin.com

1660688.com

cazconstructionservices.com

yildizwestern.com

futchampionz.com

starbritesmiles.com

viralxch.com

bandmanwiththeheadband.com

teachertechia.net

provenfitness.club

regentpublicity.net

meghaminz.com

mysuperdrink.com

redtomatoes.club

Targets

- Target
  
  92ec0fdda57232d435885971959cc65ede66e19f7ea7673798e97344008369fd
- Size
  
  216KB
- MD5
  
  d3e4488ee4f30b87b4ff5aa8d517f526
- SHA1
  
  1113830356c3c941f5e7cbbb6e546b2d1401ced0
- SHA256
  
  92ec0fdda57232d435885971959cc65ede66e19f7ea7673798e97344008369fd
- SHA512
  
  d6a06dab2949b18b928d91ff226c86bc4b2a2963f595a2db4a00c02fce71a46e8e98bdfc4e1d4d7b2f77e2526eef320f25d786bc2f699f1f732992634e25d100
- SSDEEP
  
  6144:gsu5HeyqxoIzX9ZP9GlA4DgIuuZyQXTxWXrI:25QiIztvGUIzyQmI
Score

10^/10

xloader pb93 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $_2_/pinguino-uninstall.exe
- Size
  
  33KB
- MD5
  
  2c1e33a40e471bc65c770106213e194a
- SHA1
  
  b74f3a5a485c3bc289e9301f9da8a798c2ea096c
- SHA256
  
  6c5934471282e97be87ef28c948ba2481e015a0df5194315d83c2bfc8035760c
- SHA512
  
  4cf1cb9ab0bb9a81464de91f9d3e379d3550b47baad791ceb9c52a877a5d4ec8c8e4e430a44da5f9a4f119d02904f99ada8914ba06356cb73b1f7ce185423a4b
- SSDEEP
  
  768:AV1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJqJRn+xo:gQpQ5EP0ijnRTXJ/xo
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8