xloader

General

Target

b9f1b6b390e993702fc4638b3aa7bc0ff497cb7b1d7d48862fdf7c17ea2564e6
Size

232KB
Sample

241121-ync54awkhw
MD5

33023bebebf39f42483d60b9f41ee523
SHA1

7915afd15fa219f317afc83006300d77aac3857a
SHA256

b9f1b6b390e993702fc4638b3aa7bc0ff497cb7b1d7d48862fdf7c17ea2564e6
SHA512

c00333773a1c50d5e945863864361e2e55e46bcbe15c9cee0683beea3b5c7648f471fd5dd8f5cda9c24bb764fb0616c3d6a23bf2265abcd7d985a8e14ab116a0
SSDEEP

6144:rqSDbkLowPXPRBOWqHxHN8aLVh85dJQrv1DJBWDKvgwE4JnMaUD:2SoyHxHyUVO3AtVBWKvgEMaK

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rbrt

Decoy

murphypowder.com

roof.rentals

portalcidadaniaitaliana.com

rosettbeloof.quest

topup.website

flinorease.com

snakncity.com

megasaldaolu2021.xyz

taichan.xyz

4x4education.com

metaversealive.com

xyzvoip.com

finansresultation.com

camperstales.com

shmckeji.com

cinzakother.quest

wdgjdhpg.com

scottsregalcleaners.com

azaz2.xyz

nate.sbs

Targets

- Target
  
  2575df47e8e09da1f99edde3c9533468c1c76e271e354323bb410aab1bd5f02f
- Size
  
  244KB
- MD5
  
  ab56d27ab05f380a166ee2b9409a759b
- SHA1
  
  8fbda847f0969523042a9e9a0e1b2ce36e81d749
- SHA256
  
  2575df47e8e09da1f99edde3c9533468c1c76e271e354323bb410aab1bd5f02f
- SHA512
  
  6d824d2b1fc82298fe4b6d5bf735f3c88c272ed42134396a398481157812e1cd706ad915da4a7e64c7941e1898bbb0c8cf6c92602dd976618c270602e4a4a334
- SSDEEP
  
  6144:rGiK7P9Xjv4UPOth6tT+fzQrEdGUzlAsLRvDkE73Fb5iptZx9s:81XjO76Z+srE0URAkv7Gpt9s
Score

10^/10

xloader rbrt discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  qmhzftyxd.exe
- Size
  
  4KB
- MD5
  
  2281c1ed86f831c1fe3e0e9605f27b67
- SHA1
  
  492dce2fdc0859857277e4a4ac3b9bd6eb3cf966
- SHA256
  
  f7396efdcbc39e94a112ca8086d845b52ecbd9195516c9c9eff55491eee9f664
- SHA512
  
  be68d2f3eaa905172ebfc325320d86143ea84f31791b348a9e3b7004d3b2dc4c499f7d5e0f19419ae2d7be0d9277ea69876784214480dca120240abbe60ddc36
- SSDEEP
  
  48:S+NGKNw3WqIvYoPPhCO3Rq7IOdCVTnmquFRuqS:ZdqIv3pRQIOUVkfx
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4