xloader

General

Target

3721b2745c47a6a9bc5e267267e0a0e2282cb474decf20ea9d0b26bbf1d2b050
Size

699KB
Sample

241121-ynna3awlaw
MD5

3281ff0ff9b045d39932186ec5f9cc3f
SHA1

bb54b3e2c5f6ca577773c6ec4494f1cc7bfae13f
SHA256

3721b2745c47a6a9bc5e267267e0a0e2282cb474decf20ea9d0b26bbf1d2b050
SHA512

9c781f54b5d4572b7864160719b780003114275474601c69727083a31695599b4e1386fbdb617f3a2c9933557e7e613a3c60660887cbb95570c7c8c2d89dadd3
SSDEEP

12288:kvMpofJQXYNgmB0a+HLdV9/NmbSXlzIp2auAtVTZAAMVAWRiPMUyaOEkQKXgMnt:kkuBVrB0aILT1NmulE4a5tVaAMfF2OEg

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

q4kr

Decoy

realmodapk.com

hanoharuka.com

shivalikspiritualproducts.com

womenshealthclinincagra.com

racketpark.com

startuporig.com

azkachinas.com

klanblog.com

linuxradio.tools

siteoficial-liquida.com

glsbuyer.com

bestdeez.com

teens2cash.com

valleyviewconstruct.com

myfortniteskins.com

cambecare.com

csec2011.com

idookap.com

warmwallsrecords.com

smartmirror.one

Targets

- Target
  
  payment_copy.bin
- Size
  
  835KB
- MD5
  
  5f4e6c1235a44e9ad163ea8d884be780
- SHA1
  
  aae60dc983c2b9f7140c9c8916e8f2f0f2fb7d54
- SHA256
  
  9a280dbe747fd0138866ce3eed8cd95ab86115e7d779d85f160d8350785a2d9e
- SHA512
  
  e714ba4bfbe6674417af2fadfc37af133b054840621e47fff1506b7e9c1e08abb6a0ad2e68bbd9ac60c584d9648d00590d269baa69ea17a53ff031e2b9313030
- SSDEEP
  
  24576:WJf/hEp1SkVxyapRJsWxRyodpQyjwMXB:CEyapRJsWZ3jL
Score

10^/10

xloader q4kr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2