xloader

General

Target

a6b962240edb22c5752ceed2e8cc1c2b43a32008e3520737008ce5cd71271075
Size

361KB
Sample

241121-ynwbnszqbl
MD5

0cf152b5a3d051d6858d695b1fb73322
SHA1

1f4b8aa3eba6cfa10f130dfd874a833d11bcab09
SHA256

a6b962240edb22c5752ceed2e8cc1c2b43a32008e3520737008ce5cd71271075
SHA512

ef7a8ad52813fedc68b56dd7282a64328c54790f73d11605ecd6b5b6a5fcd6c88b5dfbf8e79ef12d24d440c9912fc5bd799415e461f27c757815f4b9ecc8a50a
SSDEEP

6144:gXsD2LhJOC1eeyfg4MuGHQHWI4GKsphSywCilsq0l/Wc6ivrxCGtSJv2WUmoaC5m:5alYBeyfXMuOQ2IpoywCiWMczYwWeCCA

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

8zdn

Decoy

yourherogarden.net

onlineharambee.net

cerrajeriaurgencias24horas.com

distritoforex.com

verifyclientserverssr.com

dandwg.com

co2-zero.global

joshssl.com

meckwt.com

theammf.com

rawclectic.com

gzgnetwork.com

richmondavenuecoc.com

nicolelyte.com

thetinyclosetboutique.com

llt-group.net

seven-sky-design.com

joganifinancialgrp.com

elementsvapes.com

bingent.info

Targets

- Target
  
  a3327c95da3017b7f9f87eeeef8ccba7373e363facad5024432b7aba20a9b832
- Size
  
  455KB
- MD5
  
  ca35b660415defe96fe6af4eb3a45d86
- SHA1
  
  61345b9633b50081b63b65bbf95410d265ea6ce5
- SHA256
  
  a3327c95da3017b7f9f87eeeef8ccba7373e363facad5024432b7aba20a9b832
- SHA512
  
  62dada14561a3c53bfd26c0468cee8ae6f7172c4495f78273eaf7e541f54d90d61d1ec59b49f4ad24aabcb42d663391290d041da67edc0148f3f7de33ecc3535
- SSDEEP
  
  12288:lr3++81XB6UShhRodjvFfWMyYNkdEK+7Wiv60O:df81XBwEdjvVfo+CJ
Score

10^/10

xloader 8zdn discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2