xloader

General

Target

be69ec1f3485699df3a2b0eb9364ee4f88a92c04d2b60af77ea6d680f0a1f032
Size

412KB
Sample

241121-ymzbyazpgn
MD5

35d321f0bc6c29be43cab44b869ecb18
SHA1

75168350251f145aaeebe52ec5a0a40064c7290b
SHA256

be69ec1f3485699df3a2b0eb9364ee4f88a92c04d2b60af77ea6d680f0a1f032
SHA512

924d1b12499c3a9db78af3227db44a7b5a9f1740dabacb079f2b8ee739fc126bb1183aec143cbc3515a8b3c1c79d0e8caeea333ac411ff0df73ccc5723e12788
SSDEEP

12288:r6sNxM865uuoYaG29DYSmSEPHugaYp58Z:r8865oYaPxVuvVy

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

iwtr

Decoy

srikrishnadental.com

outthedoorinfive.com

batamgle.com

leela-13senses.com

iyhouse.space

brazzalb.com

camperinnrv.com

hageteruossan.com

alicepassion.com

wearethecardclinics.com

thenortherntechgroup.com

akademiarelacji.com

garu.club

brandscoop.net

ejassatulima.xyz

cdo-latam.com

noireimpactcollective.com

poquitotodo.com

g04urs14.com

mgytekstil.com

Targets

- Target
  
  balance invoice-3547542428_pdf.exe
- Size
  
  848KB
- MD5
  
  c3dee40777d198b0c2b202efa09544ca
- SHA1
  
  844ecd0e8303ee9c0d0a478d8fb9bb8b7bf5f2a4
- SHA256
  
  b496f743cf4cd880575f37fef2db5c36b857c36afd77f578fc80a19b02cd8b30
- SHA512
  
  c4a60605584b531cdc6b8d35c3067b19e401c78ff1ee32ba8e8e7d1a82c1e74a5d3957d636d41bbb0b8617cfb91533616491eecf3315128272376d4afd6956ae
- SSDEEP
  
  6144:xfWbU6Uq/ejSo047vgI9y0zJIbjG8YCsxqFsGsLgM03YFfi9hcaHv1b7nCLBgXIk:1kUmNEzgInlYxPsx2P9hcE1HCVp4
Score

10^/10

xloader iwtr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2