xloader

General

Target

811976224041ecf8d38638ab5440fe24cfe713ddc3fc8b532f0d70b9ea234b0c
Size

522KB
Sample

241121-yp2j3szqfm
MD5

067b5e326b009fa35b1b88972484a0b2
SHA1

d2bf987018bf87064faafddc25b769d8d19a9689
SHA256

811976224041ecf8d38638ab5440fe24cfe713ddc3fc8b532f0d70b9ea234b0c
SHA512

24ec3d03766d8d8233f4923bb349e7c94392e2340f8fc8951efc1807fa2662e65ae562aa9098347a1c98c4f60026096a0d7983cbd7227f4abde6f2e83abf890d
SSDEEP

12288:3OAKsi7R5ch/4O7EDbY3iZTfVVRIOPXKI2+kV:eEu3oz7E/BZTtYwKckV

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uqf5

Decoy

paolograssino.com

hammockcoastproperty.net

blinbins.com

financierapoorvenirsas.com

mattruddle.com

wighumanhair.com

tvdajiang14.com

theblackharvest.com

tylerrucarean.com

a-prime-india-demataccount.zone

amboselisafarigallery.info

toolbnbapp.com

scientificindustrial.com

trainup-wall.com

pocosmo.com

thebluepottingtable.com

leavelogs.com

verbalfreedom.com

qa4i.com

kiiikoo.com

Targets

- Target
  
  6480c27577ec4b5412f5869be7688753
- Size
  
  919KB
- MD5
  
  6480c27577ec4b5412f5869be7688753
- SHA1
  
  d47df66a173cdbf3d0edb12811fbbe3279c434aa
- SHA256
  
  f418beabbb3cb228180b1dbfa41904564d8936f77d01f6529c42d64f31b2d490
- SHA512
  
  cd5998cd94f8eca2ba9228fe9965f9a88d276af44adcab61f4974e72d6aa8f36f33ba67cd228a2f5dea14875024e170de5317860ad4a21589506de9901b29d33
- SSDEEP
  
  12288:RjHuWFHmpuSMPQipP5LqGd27mklDUZPh90ey56JCSXLhgVolis9R:RxHIRipBq02LDs+eycnbhZxL
Score

10^/10

xloader uqf5 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2