xloader

General

Target

12e576f977f74152cdf32cdfd8ea6904e3728f69a4c67bf30f449d6a0623ea41
Size

1.2MB
Sample

241121-ymst6azpfp
MD5

f5a695ecf6a154386de28c3df1bb8140
SHA1

ddb85ddfef909aa8091193ba25e2bffb29dd57bb
SHA256

12e576f977f74152cdf32cdfd8ea6904e3728f69a4c67bf30f449d6a0623ea41
SHA512

db3c0437e5a009a865c448881d70293b59824a8f4dfc77578a21ce783de583668fc870c6ab808b531cd6e194074a10eb3fcf983b33b67b85371f98814817c077
SSDEEP

6144:5BlL/ClGiQcRn2GMYjZxHLweHq5MZ7qVZq+ElZqwA3XHqsV/:/QlBQcd3MYjZxHUeHwMZuV8XlZqH

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u4an

Decoy

crossroadsinndfs.com

reichsland.top

tomrose.net

zoneindrones.net

814851.com

pingblackjack.com

pdsolutions.tech

sweethomecolorado.net

witterx.com

beneschcyberconsulting.com

electroborg.com

metodopita.com

picklericktoken.com

alkhawatercafe.com

lelittnpasumo4.xyz

osrr.top

khonnaisoi.com

jbbaudienstleistungen.com

theconfidenceboosterprogram.com

diamondtrade.net

Targets

- Target
  
  package delivery failed.exe
- Size
  
  333KB
- MD5
  
  696f70a52e873abbb6fe59673092d9d8
- SHA1
  
  e106d3dcebaa06ee19a246620d8e392d3977f19d
- SHA256
  
  a4b5549649c6a3bb9deccccd340fbbb60519fcb0e4091004628ea3b611dc0e3c
- SHA512
  
  ef7d57821de9e65b023fa53d38a2f4998ae11783834ecc41af1ea77b8c7e2307c22f48bbe2f7cca02b984f17292431dcf8796a0b4f501bfbe18458980906d6c2
- SSDEEP
  
  6144:BBlL/ClGiQcRn2GMYjZxHLweHq5MZ7qVZq+ElZqwA3XHqsV/n:HQlBQcd3MYjZxHUeHwMZuV8XlZqH3
Score

10^/10

xloader u4an discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/srrk.dll
- Size
  
  99KB
- MD5
  
  a3caa7e8895fb8eccc4cfc84c2f37283
- SHA1
  
  0c10231f8b45a1f6d9037fab396310a35fc572c5
- SHA256
  
  7b153187b30e47fda2f39d2621c04dded4e6776fabbebf5cc6a6a157a8324c02
- SHA512
  
  b96bdf0909a777ff559d31ac0600a5bbf90fcfa322232b4818ee275a2fda7638c4d06cb493f746a79e30367400ce2d252c46918e3dfbed851be81d1399b42c16
- SSDEEP
  
  1536:3pnXZ18vqXVzM4Ne15d1/LcIbUfsjsQ1uUYdYcj8Z:3pXZOIzM40FXV1WfjM
Score

10^/10

xloader u4an discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4