xloader

General

Target

6a45e8bd8aab18aaf291aee35a9f9764719cbdb65b0b033d410de11b959f092c
Size

896KB
Sample

241121-yp65kazqfr
MD5

a7a6c54acc4e635235f8d6ad30faed8c
SHA1

42f019e5932355a5de783d5468d07864ae1f8fa4
SHA256

6a45e8bd8aab18aaf291aee35a9f9764719cbdb65b0b033d410de11b959f092c
SHA512

04880e43ba8158db10d25ed1858bcb44e522e924608965786eb5040edd9eef10488c495480378e5fa36c79ff119ca2850f12f1ad800cce5870e40ef16b31a8fb
SSDEEP

12288:qx7JjfVYTSdWIPp0BKCn+QhmUFxToZFd1HDLP3iCYdaP+s7VP1QLkg9BHqhUdKLJ:qxRfVgKnKBZ+QlxER1Hv/gXsoDKUxPs

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

meub

Decoy

ebookcu.com

sherwooddaydesigns.com

healthcarebb.com

pixelflydesigns.com

youtegou.net

audiokeychin.com

rioranchoeventscenter.com

nickofolas.com

comicstattoosnguns.com

ally.tech

paperplaneexplorer.com

janetkk.com

sun1981.com

pocopage.com

shortagegoal.com

tbluelinux.com

servantsheartvalet.com

jkhushal.com

91huangyu.com

portlandconservatory.net

Targets

- Target
  
  Scanned Enquires.exe
- Size
  
  1.1MB
- MD5
  
  9abd9b9521e406af49f9fb0e565d213f
- SHA1
  
  aea9b4c2dec2895be98fd9f4e10aac40df711879
- SHA256
  
  6771c3c843a0128509585cf697d7c466ae15c3c586789fdd3d7928328e0236c0
- SHA512
  
  f0a8255cdd0ae4ec56ea2bb5cb48736e6935a2761ccb98d30bb5cb9db5bf931c4f93e9f79b7321eaf899e5b3cf4507a8febba8a953b4ccd91ab4b06087386b90
- SSDEEP
  
  12288:F8/tsfA+hiNmT0tBBWX/BVhu1cDb9AgNP+bKWTAivJrYjM5XxmCyW+F3fJJCFuZC:FitqA+hi86zep0kOa+HlOjmmCyzBJC
Score

10^/10

xloader meub discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2