xloader

General

Target

52a3e7f0c298bd3fac67f953c5528ef41060e708a336c9f3c9c5e6e347ff3f00
Size

304KB
Sample

241121-ynxvhazqbm
MD5

4251d6e3ac2866a8087ca3f682cadbdf
SHA1

fc0c6d7b8f39b388ff64c0e15d35c136bef5a79b
SHA256

52a3e7f0c298bd3fac67f953c5528ef41060e708a336c9f3c9c5e6e347ff3f00
SHA512

e8936b50782ba9b6e50109f04b645049e33d978c77f39f45fcf3730d4f71b55b08bf777118a17c728b191f982d21ccbbb9ddc0b01c1ca96b58e0ce3df60d2e97
SSDEEP

6144:rGiCbmp18OIycnYCh22kriWLF0DJS/b4cAtTynWn206zambrBetaDX/1:1V/dChOcSTUtT3cagrMaDX/1

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

xa9e

Decoy

shellthatsells.com

ocelotsdigital.com

worldladder.com

florapac.com

midnight-express.biz

pantherproduct.com

cumits.com

dittamd.com

w388bet.store

muyuanshengshi.com

scrappedmovie.com

investordefence.com

coupdefoudres.com

sideralmkt.online

travwhizz.com

daniellestienstra.com

corbelladvocats.com

annocadans.quest

gabrycancio.com

petrocan.online

Targets

- Target
  
  52a3e7f0c298bd3fac67f953c5528ef41060e708a336c9f3c9c5e6e347ff3f00
- Size
  
  304KB
- MD5
  
  4251d6e3ac2866a8087ca3f682cadbdf
- SHA1
  
  fc0c6d7b8f39b388ff64c0e15d35c136bef5a79b
- SHA256
  
  52a3e7f0c298bd3fac67f953c5528ef41060e708a336c9f3c9c5e6e347ff3f00
- SHA512
  
  e8936b50782ba9b6e50109f04b645049e33d978c77f39f45fcf3730d4f71b55b08bf777118a17c728b191f982d21ccbbb9ddc0b01c1ca96b58e0ce3df60d2e97
- SSDEEP
  
  6144:rGiCbmp18OIycnYCh22kriWLF0DJS/b4cAtTynWn206zambrBetaDX/1:1V/dChOcSTUtT3cagrMaDX/1
Score

10^/10

xloader xa9e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/tcjngvzun.dll
- Size
  
  156KB
- MD5
  
  5b93103b861e156f69643e0c7ac84017
- SHA1
  
  5050ab7ffbf02899505ae533b8879d3db076d3d4
- SHA256
  
  fe4ef7dd57a355df3cf0bf52fb3d0409e4370178a507639fc0ea179cc4ea6843
- SHA512
  
  91484cbc4bcbff8e00ec20ce4fa54c1affc07c6889ad52246f7f1d7a2700c1a59b4c38cff2a16464b2403a610112f2ff488a6a52eb2756917d0bdbc96c5e664d
- SSDEEP
  
  3072:eQqOWJi1e6eUopxXEn29mESRkZkG/5UupblPtiSqxMUF2oLDlBYWpxa:L8KUX8EtN06UAofY
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4