xloader

General

Target

d914e540c6616a63f793f48f4c83f3d5c7a053b1b9268ebefbe628b1fd7dd26a
Size

278KB
Sample

241121-yn56wawlbz
MD5

9380da813b0692cb0e1b3074abafa39a
SHA1

6b2d4f2b25eb54f7dadbdf6702a0356165ecb4e4
SHA256

d914e540c6616a63f793f48f4c83f3d5c7a053b1b9268ebefbe628b1fd7dd26a
SHA512

9fa468475311c63e15409d8e1f4f93dc879e565e17ffe0f277be3cacedf397766a5817a6e812e6f714ed51f8bca96e7d1776e5d55a8f5237eb944b9f808bfee5
SSDEEP

6144:fWG2xw/LBVeWW3AkOcL+eLJCBVUTQtebj33i7YXLMg3Hv8g6f+m:fWtsVev3bOgvEVUTQCOwLMg3Hv8pD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

spj6

Decoy

kdelchev.com

myriamward.com

megaconsulting.pro

sunglassesmu.com

hispanavisionct.com

bodaciousbuffy.com

chuhuu.com

jerexcursion.com

merkabahindustries.com

shaktiroommontreal.com

violet-moon-interior-design.com

pyrosunited.com

89xs.xyz

bestchatonline.com

cubiscoin.com

ianzu.com

playersresearch.com

digitalvl.com

baans-barw.com

yuria-rain.com

Targets

- Target
  
  1d5c07529a9cdade02b015da19bd31a5065e6173155a7dc90504fb752f8fcc6e
- Size
  
  344KB
- MD5
  
  ef53aac1d971c1953d4ce233b3fe15ef
- SHA1
  
  13b89c63fb940ffd9aae566b45271685e904109a
- SHA256
  
  1d5c07529a9cdade02b015da19bd31a5065e6173155a7dc90504fb752f8fcc6e
- SHA512
  
  d2f3a58bceb5380f0a12b3a1718d1536315a6835019abf8dd6f7db8a31667fa627d921120961c34310788a35cbc6781ec39fafa89797746bef4e5261c7ef6380
- SSDEEP
  
  6144:58LEcoSsu5aXS7XN6GL/xl+HstePVss9i:5+oN6N6G7x4stePVHi
Score

10^/10

xloader spj6 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2