xloader

General

Target

05169db7f1ffd49e6ed73d6d55db576bcd1a89615588f1a2713af98e8f860456
Size

307KB
Sample

241121-ymjaqawkfv
MD5

edf52574766332cf4090475c1c76a913
SHA1

26c73c7d963cc95d1b25fc37f0a1c898887971b3
SHA256

05169db7f1ffd49e6ed73d6d55db576bcd1a89615588f1a2713af98e8f860456
SHA512

34235fb3ee5f5ad249dcdb8efde878a758c0fc7581ca93723028a432f33dda87bcbc27d064d37ec153ca91ce1ec8a8457fad9e224020f167fccbdd79a493a3ae
SSDEEP

6144:rGiGYU1PwJbC2i499oTnPAcX9fEdMdKS5ZgLhX7WOQ5yTt:6YmPwJbC74cPt9sdNIqLhXIox

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nv0a

Decoy

creativehomesrealty.com

hairshopamity.com

karunahotyoga.com

indialowfare.com

abdulnazar.com

art-handmade.com

videofx.store

onboard-alt-digital-avg.rest

lipe-engineering.com

arthurchatfield.com

keencloset.com

jsyonghui.com

hangwei.tech

price-hype.com

rlandislnteriors.com

junewilderwrites.com

dazhongwenzhai.com

tsnefise17.xyz

2ndmobi.com

natemerritt.com

Targets

- Target
  
  05169db7f1ffd49e6ed73d6d55db576bcd1a89615588f1a2713af98e8f860456
- Size
  
  307KB
- MD5
  
  edf52574766332cf4090475c1c76a913
- SHA1
  
  26c73c7d963cc95d1b25fc37f0a1c898887971b3
- SHA256
  
  05169db7f1ffd49e6ed73d6d55db576bcd1a89615588f1a2713af98e8f860456
- SHA512
  
  34235fb3ee5f5ad249dcdb8efde878a758c0fc7581ca93723028a432f33dda87bcbc27d064d37ec153ca91ce1ec8a8457fad9e224020f167fccbdd79a493a3ae
- SSDEEP
  
  6144:rGiGYU1PwJbC2i499oTnPAcX9fEdMdKS5ZgLhX7WOQ5yTt:6YmPwJbC74cPt9sdNIqLhXIox
Score

10^/10

xloader nv0a discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  mlkdtrqkv.exe
- Size
  
  117KB
- MD5
  
  d189de48d249626410e9f76ca430ebd8
- SHA1
  
  6a7ab73710c2d2f3a927ef58b16477c634b3fe46
- SHA256
  
  b12d7fb5370439771f33b99428d12979d59c1d2aff56eb572294e7fd2a7c05d5
- SHA512
  
  6ca5da001917ac5adceb933a1af72bd08ab0aa63fabf7de0d1d35528e40bb4aa45f65cf55bd4f867e040228b6a18cdda76741bf327687ad0245e3961c40d1a26
- SSDEEP
  
  3072:bVQ76d5kpPde4hhSbZxxA50GmWoWRo/fqI4hcWLYr:RS6opg4hhaxxHlWRifqI
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4