xloader

General

Target

bada580efa147660d4042f557622d4f3d3e38b131a17add2c4320cee03636836
Size

308KB
Sample

241121-ynhqkswkhz
MD5

77ba1ccca5fcff5d6a5826eb30e68813
SHA1

43fda2f4ef06530b38f7d2e3ccd13b97b60f9af8
SHA256

bada580efa147660d4042f557622d4f3d3e38b131a17add2c4320cee03636836
SHA512

338e90b8ed47c025dc09a59613ae418d164a922612d3602ae71c46de00aed2c6a9721f1398a744c9fb7fd256a0ed08dec3defe8af9ded171c5026a35bc547055
SSDEEP

6144:zvOsPQ+eXYO7joa5VkceUwIuzdDkDDAGuELfSQt2MoeFcHSivZ4:jOseIOga5be9IuRkwGz2Moh5e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b0ar

Decoy

luckyjangteo.com

iots.top

kavakshop.com

perp.review

innasamudra.com

adclw.net

dinerboard.com

sempionhosting.com

welcome-sber.store

akcgoldenretrievers.com

bay-frame.com

myteethdental108.com

ya-diver.com

liuxuemba.com

knopfluiro.quest

ccaiai.top

centurypropertiespk.com

ministryofpup.com

2chemistry.com

zichtlijn.net

Targets

- Target
  
  5f475f3f7c27c744afe9f860d0e0c93c6acabb6eec8a222118a498d0f8816a10
- Size
  
  318KB
- MD5
  
  7b3ac47b7e0a3b84ae5a4a34c3b37503
- SHA1
  
  6b73e3bcff26f7b9d805bdf839271478e10d3aa9
- SHA256
  
  5f475f3f7c27c744afe9f860d0e0c93c6acabb6eec8a222118a498d0f8816a10
- SHA512
  
  dcb5b2ee9a55376699a733be65f8fdc5f482d2305447c67341577b40aabc9d27b34a76beb328daf3478ecd23e47d2064fb4b419f89cc3d2e0673e0c755d11105
- SSDEEP
  
  6144:TxDuIshmUqiRw6gPmFyggTDL40FbL5COzewlSUeGaSH+g:EIJ3hg9OHJCOa4FeGaDg
Score

10^/10

xloader b0ar discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  sekfuer.exe
- Size
  
  175KB
- MD5
  
  726feddb203f26ef36c573c5305d97f8
- SHA1
  
  0c88f5fe319fc16f18f924d57837c1cd8e1ddc07
- SHA256
  
  6c1038acb3f2815c1e332a37fac58ec85cf3737a6e6792e2dbf6a0a2c0ed00c4
- SHA512
  
  23ec28b39d0ab1c6dbc2fc2b9f7331a2610df03492522842517d41c52dffecf92d3ee688612134697495e5184f9ec8ac066e0b092eb637967ea5f220e83dd99a
- SSDEEP
  
  3072:v18pICwxEy5y2Obv+AEEdu+tHixgAeHkhEzHCOpHiVn816Cz3D:vCJMVyCEoQjhzHCOpHW8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4